A sophisticated software supply chain attack campaign named TrapDoor has been discovered targeting npm, PyPI, and Crates.io repositories. This attack involves over 34 malicious packages and 384 versions, with its earliest activity recorded on May 22, 2026. The primary aim of these packages is to distribute malware that steals sensitive developer information such as crypto wallets, SSH keys, and cloud credentials. Developers in the crypto, DeFi, Solana, and AI communities are among those most affected. The attack operates through various methods including postinstall hooks, remote JavaScript payloads, and malicious build.rs scripts. These packages disguise themselves as legitimate developer tools to infiltrate a wide audience. The npm packages notably run a script called trap-core.js, which scans for credentials and secrets, validates them using AWS and GitHub API calls, and establishes persistence through cron jobs and systemd services. Rust crates use a build script to execute malicious code, while Python packages execute automatically upon import, downloading JavaScript from a GitHub Pages domain to run malicious activity. Additionally, TrapDoor employs unique techniques like implanting hidden instructions in files to trick AI assistants into executing malicious scans. This campaign highlights the evolving tactics of threat actors targeting developer workflows to access sensitive information and conduct further attacks.
TrapDoor Attack Compromises Software Supply Chains Across npm, PyPI, and Crates.io
Cross-ecosystem attack distributing credential-stealing malware; impacts developers and supply chains.
Executive Summary
The TrapDoor campaign is a cross-ecosystem software supply chain attack affecting npm, PyPI, and Crates.io, distributing malware to steal developer credentials. The attack targets developers in specific industries and uses various methods to infiltrate and persist within systems.


