TrapDoor Malware Campaign Targets Developers via Open-Source Repositories
A sophisticated cyberattack campaign known as ‘TrapDoor’ has successfully compromised major open-source software repositories, creating a significant security risk for developers in the cloud infrastructure and blockchain sectors. Since late May 2026, attackers have deployed dozens of malicious packages across npm, PyPI, and Crates.io. By utilizing a multi-account strategy, the perpetrators have managed to distribute hundreds of infected versions that blend into standard dependency updates, effectively bypassing traditional security filters.
The malware is designed to trigger automatically upon installation, utilizing platform-specific features such as JavaScript post-install scripts, Python import-time execution, and Rust build scripts. Once the malicious code is active, it systematically scans the host environment for sensitive data, including SSH keys, browser-stored credentials, and environment variables. The campaign shows a clear intent to target digital assets, specifically seeking out wallet files associated with major platforms like MetaMask, Coinbase, Binance, and Solana to facilitate the theft of cryptocurrency.
In a concerning evolution of attack tactics, the TrapDoor campaign is also targeting AI-assisted development workflows. The malicious packages contain configuration files like .cursorrules and CLAUDE.md, which are designed to manipulate AI coding assistants. By influencing how these tools interpret project instructions, attackers aim to trick automated systems into leaking repository access tokens and cloud infrastructure credentials, such as those for AWS and GitHub. This multi-layered strategy marks a shift toward exploiting the complex, automated nature of modern software development environments.
Key Takeaways
- The TrapDoor campaign has infiltrated npm, PyPI, and Crates.io to distribute hundreds of malicious packages.
- The malware specifically targets cryptocurrency wallets and sensitive cloud infrastructure credentials like AWS and GitHub tokens.
- Attackers are now manipulating AI coding assistants to trick developers into exposing private repository data.
Editor’s Analysis & Impact
The TrapDoor campaign represents a significant escalation in supply chain attacks, moving beyond simple data exfiltration to the active manipulation of AI-driven development tools. By targeting the ‘rules’ files that govern AI coding assistants, attackers are exploiting the trust developers place in automated workflows. This shift suggests that as AI becomes more integrated into the software development lifecycle, the attack surface for malicious actors will expand accordingly. For the industry, this underscores the urgent need for more rigorous dependency auditing and the implementation of ‘zero-trust’ practices within development environments. Companies must now treat AI configuration files as potential security vectors, necessitating a broader approach to cybersecurity that encompasses both human-written code and machine-generated instructions.
Frequently Asked Questions
Q: What is the primary goal of the TrapDoor malware?
A: The primary goal is to exfiltrate sensitive data, including SSH keys, cloud infrastructure credentials, and cryptocurrency wallet files from developer machines.
Q: How does the malware manipulate AI coding assistants?
A: The malware includes specific configuration files like .cursorrules and CLAUDE.md, which are designed to trick AI assistants into revealing sensitive access tokens and environment variables.