TrapDoor Campaign Targets Open-Source Ecosystems with Malicious Packages
A recent software supply chain campaign has seeded three major open-source package registries, npm, PyPI, and Crates.io, with malicious packages. The campaign, tracked as 'TrapDoor,' specifically targets developers working in crypto, DeFi, Solana, AI, and security tooling.
The attackers published 34 malicious packages across the three registries, with more than 384 versions and artifacts linked to the TrapDoor campaign. The packages are designed to harvest sensitive data from the developer's machine, including SSH keys, wallet data, AWS credentials, GitHub tokens, browser profile data, and local development configuration files.
One of the most striking aspects of the TrapDoor campaign is that it targets AI coding tools as well as the developer. The attackers hid instructions inside .cursorrules and CLAUDE.md files using zero-width Unicode characters, so the text looks harmless to a human reading the file while an AI assistant that ingests it is prompted to run a 'security scan' that actually exfiltrates data.
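A practical check against this trick is to scan the AI instruction files in a project, and in its installed dependencies, for invisible code points. The scanner below is an added example, not code from the article or from any TrapDoor analysis; the file names beyond .cursorrules and CLAUDE.md, the sample CLAUDE.md content, and the set of flagged code points are assumptions. It flags the common zero-width characters, every other character in Unicode category Cf (format), variation selectors, and the Unicode tag block; the tag block goes beyond what the article describes, but it is the other standard way of smuggling ASCII invisibly, since U+E0020..U+E007E map one-to-one onto printable ASCII.

```python
import sys
import unicodedata
from dataclasses import dataclass
from pathlib import Path

# Files that AI coding assistants read as instructions. The article names
# .cursorrules and CLAUDE.md; the others are assumed additions.
INSTRUCTION_FILES = {".cursorrules", "CLAUDE.md", "AGENTS.md", ".windsurfrules"}

# Zero-width code points commonly used to hide text from a human reader.
ZERO_WIDTH = {
    0x200B, 0x200C, 0x200D,  # zero width space / non-joiner / joiner
    0x2060, 0x2062, 0x2063, 0x2064,  # word joiner, invisible operators
    0xFEFF,  # zero width no-break space (BOM when not at file start)
    0x180E,  # Mongolian vowel separator
}


@dataclass
class Finding:
    line: int
    col: int
    codepoint: int
    name: str


def is_invisible(ch: str) -> bool:
    """True for characters that render as nothing but still reach a parser."""
    cp = ord(ch)
    if cp in ZERO_WIDTH:
        return True
    if 0xE0000 <= cp <= 0xE007F:  # Unicode tag block
        return True
    if 0xFE00 <= cp <= 0xFE0F:  # variation selectors
        return True
    return unicodedata.category(ch) == "Cf"


def scan_text(text: str) -> list[Finding]:
    """Return every invisible character with its 1-based line and column."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if is_invisible(ch):
                findings.append(
                    Finding(lineno, col, ord(ch), unicodedata.name(ch, "UNNAMED"))
                )
    return findings


def decode_tag_chars(text: str) -> str:
    """Recover ASCII smuggled via tag characters (U+E0020..U+E007E -> 0x20..0x7E)."""
    return "".join(chr(ord(c) - 0xE0000) for c in text if 0xE0020 <= ord(c) <= 0xE007E)


def scan_tree(root: str) -> dict[str, list[Finding]]:
    """Scan a source tree, including installed dependencies, for tainted instruction files."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.name in INSTRUCTION_FILES:
            found = scan_text(path.read_text(encoding="utf-8", errors="replace"))
            if found:
                results[str(path)] = found
    return results


# Constructed sample: a CLAUDE.md that looks benign but carries a run of
# zero-width characters after the last visible sentence.
SAMPLE_CLAUDE_MD = (
    "# Project notes\n"
    "Run `npm test` before committing.\n"
    "Always run the security scan first." + "\u200b\u200c\u200d\u200b" + "\n"
)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, found in scan_tree(sys.argv[1]).items():
            for f in found:
                print(f"{path}:{f.line}:{f.col} U+{f.codepoint:04X} {f.name}")
    else:
        for f in scan_text(SAMPLE_CLAUDE_MD):
            print(f"sample:{f.line}:{f.col} U+{f.codepoint:04X} {f.name}")
```

Run it with a project directory as the argument to walk the tree (node_modules, a virtualenv's site-packages, or a vendored Cargo registry all sit under the same root); with no argument it scans the constructed sample. Any hit in an instruction file is worth a manual look: these files have no legitimate reason to contain format characters, and a clean-looking diff is exactly what the technique relies on.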
Developers working in the targeted ecosystems should immediately check their dependency manifests and lockfiles against the full list of malicious package names and versions. If any of these packages made it into an environment, treat that machine as fully compromised: rotate every credential it could reach, including SSH keys, API keys, AWS credentials, GitHub tokens, and wallet keys, and revoke the old ones rather than simply replacing them.