Widespread Malware Campaign Targets Software Developers in Cryptocurrency Sector
A sophisticated malware campaign has been discovered, targeting software developers in the cryptocurrency, decentralized finance (DeFi), artificial intelligence (AI), and cybersecurity sectors.
The campaign, named TrapDoor, involves attackers compromising software package repositories such as npm, PyPI, and Crates.io.
So far, 34 malicious packages have been identified, along with 384 versions and components. The malware is designed to steal sensitive information from developers' computers, including wallets, SSH keys, cloud credentials, GitHub tokens, browser data, environment variables, and API keys.
Socket Security's detection data indicates that the median time to detect a malicious version was 5 minutes and 27 seconds, with the fastest detection occurring just 58 seconds after release. This suggests that the attackers are actively updating their malware to evade detection.




