Security firm Socket reports that a supply chain attack known as TrapDoor has deployed more than 34 malware packages across three open-source software repositories: npm, PyPI, and Crates.io. The attackers disguised these packages as common development tools and security scanners, targeting the work environments frequently used by crypto, DeFi, AI, and security developers.

Disguised as an ordinary tool kit

These software packages have deliberately generic names that could easily be mistaken for everyday development aids. The names mentioned by the researchers include wallet-security-checker, defi-risk-scanner, solidity-build-guard, move-compiler-tools, and llm-context-compressor.

The attackers did not target ordinary retail users, but rather developer machines that might simultaneously possess wallet files, SSH keys, GitHub tokens, cloud credentials, and production environment access. Once installed, the malicious code searches the local machine for private keys, passwords, browser data, and configuration files, and attempts to verify some of the stolen credentials.

Involves Sui and Move development environments

The report indicates that the malware packages were written in JavaScript, Python, and Rust, and each exploited common execution methods in the different language ecosystems to trigger the attack.

• npm packages can execute malicious code via postinstall hooks.
• PyPI packages execute remote JavaScript upon import.
• Rust packages run during the compilation phase using malicious build.rs scripts.

Rust-related packages are specifically targeted at Sui and Move developers. Because these developers often handle wallet, code repository, and server access on the same device, a successful attack could extend the impact from personal computers to the team's infrastructure.

Hidden instructions were implanted in the AI configuration file.

Socket also stated that the attackers abused AI coding tool configuration files such as .cursorrules and CLAUDE.md. These files were originally intended to provide project-level instructions to the AI assistant, but the attackers inserted hidden content into them in an attempt to influence subsequent AI coding sessions, tricking the tool into performing fake "security scans" and then exporting sensitive information.

Researchers say this makes TrapDoor more than just a simple software package theft; it's closer to persistent malicious activity targeting development workstations. Package installation is just the first step; the real target is the wallets, code repositories, browser data, cloud keys, and SSH access that developers will subsequently have access to.

Report has been sent to the relevant warehouse.

Socket stated that it has reported these packages to the affected software repositories and classified them as malicious content. The company also warned that the attackers had made pull requests to AI and developer projects, attempting to add the .cursorrules and CLAUDE.md files to the projects through normal open-source collaboration processes.

Additional information:The headline mentioned that Solana, Sui, and Aptos wallet data were targeted, but the main attack paths disclosed in the article focused on stealing general wallet files and malicious dependency delivery targeting Sui, Move, and AI development environments.