Socket Warns TrapDoor Malware Is Targeting Crypto Developers

Highlights:

• Socket found TrapDoor malware targeting crypto developers through fake packages on major software registries.
• The malware tried to steal wallet files, keys, tokens, cloud credentials, and developer secrets.
• Attackers also tested hidden prompts to abuse AI coding tools inside developer projects.

Socket has found a new crypto-focused malware campaign targeting developers via fake open-source packages on npm, PyPI, and Crates.io. In a report published on Sunday, the Socket Research Team said the campaign, called TrapDoor, included more than 34 malicious packages and over 384 related versions and artifacts across the three software registries.

The attack mainly targeted developers working in crypto, decentralized finance, Solana, Sui, Move, artificial intelligence, and security projects. The packages looked like normal developer tools. Some appeared to offer wallet checks, Solidity deployment help, project setup, or security scanning. However, Socket said these packages were actually built to steal sensitive data from developer systems.

A supply chain attack like this can be dangerous because developers often trust package registries during normal work. If they install a malicious package, the malware can quietly search their computer for private files, passwords, keys, and wallet data.

🚨 BREAKING: Active supply chain attack across npm, PyPI, and Crates.​io.

Socket detected TrapDoor, a crypto stealer campaign hitting 34 malicious packages and 384 versions and artifacts, with attackers repeatedly pushing new releases across ecosystems.

TrapDoor targets… pic.twitter.com/0CI758NJ6T

— Socket (@SocketSecurity) May 24, 2026

TrapDoor Tried to Steal Wallets and Developer Secrets

Socket said TrapDoor searched for several types of sensitive data. These included SSH keys, GitHub tokens, Amazon Web Services credentials, browser data, wallet extension files, environment variables, API keys, and crypto wallet data.

The malware also targeted wallets linked to Sui, Solana, and Aptos. Stolen wallet files can put crypto funds at risk. Stolen GitHub tokens can expose private code. Cloud credentials can also give attackers access to online systems. This is why the campaign was not only a wallet threat, but also a wider developer security risk.

Socket said the first package it found was eth-security-auditor@0.1.0 on PyPI. It was uploaded on May 22 at 20:20:18 UTC. After that, the attacker pushed more packages across npm, PyPI, and Crates.io.

Malware Worked Differently on Each Platform

Socket said the npm packages used postinstall scripts. These scripts can run automatically after someone installs a package. In this campaign, the npm packages used that method to run a shared malware file called trap-core.js.

Socket described trap-core.js as a large credential-stealing tool. It scanned developer machines for secrets, tested stolen GitHub and Amazon Web Services credentials, and tried to keep access through several methods. These included Git hooks, shell hooks, cron jobs, systemd services, SSH movement, and project files such as .cursorrules and CLAUDE.md.

The PyPI packages used another method. Socket said they ran remote JavaScript when imported. This allowed the attacker to change the harmful code from an outside server without uploading a new package version.

The Crates.io packages targeted Rust developers working with Sui and Move. These packages used malicious build.rs scripts. These scripts can run during the build process. Socket said they searched for local keystores, encrypted the stolen data, and sent it to GitHub Gists.

Attackers Also Tried to Abuse AI Coding Tools

TrapDoor also showed a new risk for AI-assisted coding. Socket said the attacker used files such as .cursorrules and CLAUDE.md to add hidden instructions for AI coding assistants. Developers often use these files to guide AI tools inside a project.

Socket said the attacker tried to make AI tools run fake security checks that could help find and steal secrets. The method may not work in every tool, but it shows that attackers are now testing ways to abuse AI development workflows.

Socket also linked the campaign to the GitHub account ddjidd564. The account opened pull requests to several AI and developer projects, including LangChain, Langflow, LlamaIndex, MetaGPT, and OpenHands. These pull requests tried to add AI-related project files under normal-looking names.

Socket said it marked all identified TrapDoor packages as malicious and reported them to the affected registries. The company also said it continues to track related packages, versions, and infrastructure connected to the campaign.