TrapDoor malware campaign steals crypto wallet data through fake developer tools
TrapDoor malware has emerged as a new threat to crypto and AI developers after researchers uncovered a supply chain attack designed to steal wallet data, API keys, cloud credentials, and SSH access through poisoned developer packages.
- Socket said the TrapDoor malware campaign has spread through more than 34 malicious developer packages across npm, PyPI, and Rust ecosystems.
- Attackers targeted crypto and AI developers by stealing wallet data, GitHub tokens, cloud credentials, and SSH keys through disguised software tools.
According to a report published Sunday by developer security platform Socket, the campaign, dubbed “TrapDoor,” was first identified on Friday and has already spread through at least 34 malicious packages and 384 connected versions across multiple software ecosystems.
Socket said the attackers have focused on developers working in cryptocurrency, decentralized finance, artificial intelligence, and security infrastructure, where exposed credentials can provide access to wallets, repositories, cloud environments, and internal systems.
Among the targeted services are wallets and platforms linked to Coinbase, Binance, MetaMask, Brave, along with blockchain ecosystems tied to Solana, Sui, and Aptos.
Ahmad Nassri, chief technology officer at Socket, said the malware also attempts to manipulate AI coding assistants such as Claude and Cursor by injecting hidden prompts into development workflows. Socket’s report stated that the attackers appear to be pushing AI tools into running fake “security scans” that expose secrets and transmit them back to the operators.
Developer package repositories become attack route
Inside the campaign, malicious packages were disguised as common development utilities, including project setup tools, model-routing software, Solidity frameworks, prompt-engineering packages, and build helpers for Sui and Move-based applications, according to Socket.
The infected packages were discovered across npm, PyPI, and Rust’s Crates ecosystem, giving attackers access to JavaScript, Python, AI, automation, and blockchain development communities at the same time.
Socket said the package names were intentionally designed to resemble legitimate software developers might install during normal workflows without noticing suspicious behavior.
At the same time, the company said GitHub repositories linked to the operation showed signs of AI-assisted development activity, including rapidly generated lure repositories, partially completed malware components, and prompt-injection documentation built around security themes.
Separately, GitHub disclosed on May 20 that unauthorized actors had accessed internal repositories after compromising an employee’s device.
Attack vectors continue to evolve
The latest campaign follows a growing pattern of attacks targeting crypto developers through trusted workplace tools and professional communication channels.
Last month, researchers at Elastic Security Labs detailed a separate operation that used the Obsidian note-taking app to infect cryptocurrency and finance professionals with malware known as PHANTOMPULSE.
According to Elastic, the attackers approached victims through LinkedIn and Telegram conversations before directing them to shared Obsidian vaults containing trojanized plugins.
Elastic said the malware established a decentralized command-and-control structure using blockchain transaction data spread across three networks, allowing operators to maintain access without relying on centralized servers.
Earlier in April, blockchain security firm CertiK warned that North Korea-linked Lazarus Group operators had used fake Zoom meetings, compromised Telegram accounts, and ClickFix-style social engineering tactics to deliver “Mach-O Man” malware to crypto executives and fintech employees on macOS devices.
CertiK researcher Natalie Newson connected that activity to recent DeFi exploits tied to Drift and KelpDAO, where attackers allegedly stole hundreds of millions of dollars through social engineering and cross-chain infrastructure abuse.
Security researchers have increasingly warned that software supply chains, collaboration apps, AI development tools, and open-source repositories are becoming common entry points for crypto-focused intrusions because developers routinely install third-party packages and plugins with elevated system permissions.
