Trapdoor malware steals crypto keys from npm, PyPI, Crates.io
Researchers at Socket found Trapdoor malware in 34 npm, PyPI and Crates.io packages across 384 versions published from May 22 that exfiltrate crypto wallet keys, SSH keys and developer secrets.
Researchers at Socket discovered a supply-chain campaign named Trapdoor that infected 34 packages across the npm, PyPI and Crates.io registries. The infected packages span roughly 384 published versions and are designed to capture crypto wallet keys, private keys, SSH keys and other developer secrets.
The malicious packages appeared in waves beginning May 22 and were updated through the following weekend. The packages were distributed as generic developer tools and surfaced quickly across multiple registries, extending the campaign’s reach into adjacent developer communities where cloud credentials, GitHub tokens and wallet keys are likely to be present. Some infected versions remain available in public registries.
The Trapdoor payload targets developer environments and attempts to harvest high-value secrets, including private keys for cryptocurrency wallets, SSH keys and tokens used for services such as GitHub. Attackers also included directive files intended to prompt AI coding assistants to run scans that would reveal and exfiltrate sensitive files. Socket noted that the AI-directed technique may not succeed across all models and tools but represents an experimental approach within these campaigns.
A similar supply-chain incident in September involved modified packages used by wallet software that stole funds from wallets holding bitcoin, ether and solana. Security firms and repository monitors have tracked an increase in attacks that compromise developer tooling because a single infected package can reach many downstream projects and services.
Socket recommended that developers audit dependencies, rotate any exposed credentials and review recent package updates that seem out of character for a project. The firm also urged teams to evaluate the security of AI-assisted development workflows. Socket wrote that attackers “are actively experimenting with AI development environments as part of supply chain malware campaigns.”
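A check in the spirit of Socket's audit advice, added here as an example rather than code from Socket or the report: it flags any installed dependency whose version was published on or after the May 22 cutoff, and any package that pushed a burst of versions within a few days (the campaign's 384 versions across 34 packages is that pattern). The registry metadata and lockfile extract are constructed stand-ins in the shape of npm's `time` field; the package names are placeholders, not the packages from the report.

```python
from datetime import datetime, timedelta, timezone
CUTOFF = datetime(2025, 5, 22, tzinfo=timezone.utc)  # first wave in the report

# Constructed sample in the shape of npm registry metadata: "time" maps
# version -> publish timestamp (npm also adds "created"/"modified" keys).
# Package names are placeholders, not the packages from the report.
SAMPLE_METADATA = {
    "example-cli-helper": {"time": {
        "created": "2024-01-10T12:00:00.000Z",
        "1.0.0": "2024-01-10T12:00:00.000Z",
        "1.0.1": "2024-03-02T09:30:00.000Z"}},
    "example-dev-utils": {"time": {  # twelve versions within six hours
        f"0.1.{i}": (CUTOFF + timedelta(hours=1, minutes=30 * i)).isoformat()
        for i in range(12)}},
}
# Constructed lockfile extract: package -> installed version.
INSTALLED = {"example-cli-helper": "1.0.1", "example-dev-utils": "0.1.7"}

def parse_times(meta):
    """Sorted (version, publish datetime) pairs; skips npm bookkeeping keys."""
    pairs = [(v, datetime.fromisoformat(t.replace("Z", "+00:00")))
             for v, t in meta["time"].items() if v not in ("created", "modified")]
    return sorted(pairs, key=lambda p: p[1])

def burst_count(times, window):
    """Largest number of versions published inside any sliding window."""
    stamps = [t for _, t in times]
    best = lo = 0
    for hi in range(len(stamps)):
        while stamps[hi] - stamps[lo] > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best

def audit(installed, metadata, cutoff=CUTOFF,
          window=timedelta(days=3), burst_threshold=5):
    """Return {package: [reasons]} for dependencies that need a manual look."""
    findings = {}
    for name, ver in installed.items():
        times = parse_times(metadata[name])
        published = dict(times).get(ver)
        reasons = []
        if published is not None and published >= cutoff:
            reasons.append(f"{ver} published {published:%Y-%m-%d}, after cutoff")
        n = burst_count(times, window)
        if n >= burst_threshold:
            reasons.append(f"{n} versions published within {window.days} days")
        if reasons:
            findings[name] = reasons
    return findings
```

Against a real project, replace the constructed dictionaries with the registry document for each locked dependency and treat every finding as a prompt to read the version's diff, not as proof of compromise.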