Socket Security flagged the TrapDoor campaign Sunday after identifying 34+ malicious packages on npm, PyPI, and Crates.io targeting Aptos, Sui, and Solana developer environments.
Posted May 26, 2026 at 6:41 am EST.
Socket Security researchers flagged an active supply-chain attack Sunday targeting crypto developer environments tied to Aptos, Sui, and Solana ecosystems through more than 34 malicious packages and over 384 related versions across the npm, PyPI, and Crates.io package registries.
Dubbed TrapDoor, the campaign uses postinstall hooks (npm), Python import triggers (PyPI), and Rust build.rs scripts (Crates.io) that fire automatically during standard install and compile operations, blending into normal developer workflows. The earliest observed component was the PyPI package [email protected], uploaded on May 22 at 20:20 UTC and followed by rapid waves of releases across all three registries through the weekend. Socket detected the malicious packages at a median speed of 5 minutes and 27 seconds after publication, classifying the campaign before it could see widespread adoption.
This story is an excerpt from the Unchained Daily newsletter.
The data exfiltration target list is extensive: SSH keys, Sui, Solana, and Aptos wallet keystores, AWS credentials, GitHub tokens, browser profile data and login databases, crypto wallet extension data, environment variables, API keys, and local development configuration files. Wallet brands explicitly targeted in the malware’s logic include Coinbase, Binance, MetaMask, and Brave, though Socket noted those platforms themselves were not directly compromised.
The technical sophistication varies by ecosystem. The npm payload, a 1,149-line file called trap-core.js, uses Fernet and ECDH encryption and validates stolen AWS and GitHub credentials through live API calls to identify high-value targets. Crates.io packages use XOR encryption with the hardcoded key cargo-build-helper-2026 and exfiltrate to GitHub Gists. Persistence is established through systemd services, cron jobs, Git hooks, and shell hooks. A defining characteristic is the malware’s targeting of AI coding assistants through modified .cursorrules and CLAUDE.md project files, repurposing the same hooks developers use to configure tools like Cursor and Claude Code.
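One defender-side check that the install-hook mechanism and the .cursorrules/CLAUDE.md tampering described above call for, as an added example that is not Socket Security's or the newsletter's code: a small Python audit that walks a checkout and lists the npm lifecycle scripts, Rust build.rs files and AI-assistant config files that would run or be read during a normal install, so they can be reviewed first. The package and crate names in the sample tree are constructed for the demo.

```python
"""Audit a checkout for the auto-executing hooks TrapDoor abuses.
Added example, not Socket Security's or the newsletter's code: flags npm
lifecycle scripts, Rust build.rs files and AI-assistant config files so
they can be reviewed before `npm install` or `cargo build` runs them.
The tree written by build_demo_tree() is constructed for the demo."""
import json
import tempfile
from pathlib import Path

NPM_HOOKS = ("preinstall", "install", "postinstall")
AI_CONFIGS = (".cursorrules", "CLAUDE.md")


def audit_tree(root):
    """Return (kind, path, detail) for every hook-bearing file under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        if path.name == "package.json":
            try:
                scripts = json.loads(path.read_text()).get("scripts") or {}
            except (ValueError, OSError, AttributeError):
                continue  # unparsable manifest: npm could not run its hooks either
            for hook in NPM_HOOKS:
                if hook in scripts:
                    findings.append(("npm-hook", str(path), f"{hook}: {scripts[hook]}"))
        elif path.name == "build.rs":
            # Cargo compiles and runs build.rs before building the crate itself.
            findings.append(("cargo-build-script", str(path), path.read_text()[:80]))
        elif path.name in AI_CONFIGS:
            # Instruction files read by Cursor / Claude Code; diff them against git.
            findings.append(("ai-config", str(path), path.read_text()[:80]))
    return findings


def build_demo_tree():
    """Write a constructed checkout: one clean package plus three hook carriers."""
    root = Path(tempfile.mkdtemp(prefix="trapdoor-audit-"))
    clean = root / "node_modules" / "clean-demo-pkg" / "package.json"  # constructed
    clean.parent.mkdir(parents=True)
    clean.write_text(json.dumps({"name": "clean-demo-pkg", "scripts": {"test": "node t.js"}}))
    hooked = root / "node_modules" / "sui-helper-demo" / "package.json"  # constructed
    hooked.parent.mkdir(parents=True)
    hooked.write_text(json.dumps({"scripts": {"postinstall": "node trap-core.js"}}))
    crate = root / "vendor" / "aptos-build-demo" / "build.rs"  # constructed
    crate.parent.mkdir(parents=True)
    crate.write_text("fn main() { /* constructed: runs at cargo build */ }\n")
    (root / ".cursorrules").write_text("# constructed: agent instructions\n")
    return root
```

Run `audit_tree(".")` against a real checkout and review each finding by hand; the script only surfaces candidates, it does not judge them.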
The campaign drew warnings from multiple security firms. SlowMist issued an emergency security warning under code SM-2026-352284, comparing TrapDoor conceptually to the npm worm “Mini Shai-Hulud.” All identified packages have been reported to the relevant registries. The attacker-controlled GitHub Pages repository contains an internal document calling the operation a “Universal AI Agent Extraction Framework,” suggesting an attempt at AI-assisted iteration on the payload. For crypto teams, the implication is clear: compromised developer environments can expose wallets, repositories, and deployment infrastructure before code ever reaches production.