npm, PyPI and Crates.io: 34 Malicious Packages Steal Cloud Keys, Wallets, and SSH Credentials

Large-Scale "TrapDoor" Supply Chain Attack Targets Developers Across npm, PyPI, and Crates.io

A sophisticated supply chain attack, dubbed “TrapDoor,” is actively targeting developers by abusing open-source ecosystems to steal sensitive data. The campaign spans npm, PyPI, and Crates.io, deploying 34 malicious packages across 384 versions to compromise systems in cryptocurrency, DeFi, AI, and cloud environments.

Attackers exploit legitimate package installation and build mechanisms such as npm’s postinstall scripts, Python’s import behavior, and Rust’s build.rs to execute malicious code automatically during installation or project builds, requiring no user interaction. The malware harvests SSH keys, cloud credentials, API tokens, and cryptocurrency wallets, exfiltrating data through trusted platforms like GitHub Pages, raw.githubusercontent.com, and webhook.site to evade detection.

Key Malicious Packages & Tactics

  • Python (PyPI): git-config-sync
    • Executes malicious code upon import, scanning directories (.ssh, .aws, .docker, .kube) for credentials using regex patterns.
    • Disables TLS verification to intercept traffic, sending stolen data to attacker-controlled GitHub Pages endpoints.
  • npm: token-usage-tracker
    • The most advanced variant, running a background process to collect browser credentials, cloud configs, shell histories, and cryptocurrency wallets.
    • Uses Fernet encryption before exfiltrating data via webhooks or GitHub Gist.
    • Introduces persistence and propagation by modifying shell configs, injecting Git hooks, and poisoning AI development environments (e.g., .cursorrules, CLAUDE.md) to influence coding assistants.
  • Rust (Crates.io): sui-framework-helpers
    • Executes during builds via build.rs, targeting blockchain wallet files (Sui, Solana, Aptos).
    • Uses XOR obfuscation and uploads stolen data to public GitHub Gists.

Attack Infrastructure & Evasion

The campaign leverages whitelisted services (GitHub Pages, webhook.site) to blend malicious traffic with legitimate developer activity. While the npm variant stands out for its persistence, propagation, and remote command execution, all samples follow a consistent pattern:

  1. Trigger during install/build.
  2. Harvest credentials from local environments.
  3. Exfiltrate via trusted channels.
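The install-time triggers described above (npm lifecycle scripts, Rust build.rs) and the exfiltration hosts named in the IOCs can be checked for before a dependency is ever installed. The following is an added example written for this write-up, not code from the article or from any of the named packages; the host regex, the function names and the sample manifests are constructed for illustration.

```python
"""Pre-install audit for the TrapDoor trigger pattern: code that runs on install/build.

Added example, not from the article or the named packages. The hostname regex and
the sample inputs below are assumptions constructed for illustration only.
"""
import re
from pathlib import Path
from typing import Iterable

# npm lifecycle scripts that run automatically during `npm install`.
NPM_INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Hosts the article reports as exfiltration channels; the regex itself is an assumption.
SUSPICIOUS_HOST_RE = re.compile(
    r"(?:[a-z0-9-]+\.github\.io|raw\.githubusercontent\.com|webhook\.site)", re.I
)


def audit_npm_manifest(manifest: dict) -> list[str]:
    """Return findings for install-time hooks in a parsed package.json dict."""
    findings = []
    name = manifest.get("name", "?")
    scripts = manifest.get("scripts", {})
    for hook in NPM_INSTALL_HOOKS:
        if hook in scripts:
            body = scripts[hook]
            findings.append(f"{name}: runs '{hook}' on install: {body}")
            if SUSPICIOUS_HOST_RE.search(body):
                findings.append(f"{name}: '{hook}' references an exfil-capable host")
    return findings


def audit_crate_files(crate_name: str, files: Iterable[str]) -> list[str]:
    """Flag a Cargo crate that ships build.rs, which runs at `cargo build` time."""
    if any(Path(f).name == "build.rs" for f in files):
        return [f"{crate_name}: ships build.rs, executed at build time"]
    return []


# Constructed sample inputs (not real package contents).
SAMPLE_MANIFEST = {
    "name": "example-pkg",
    "version": "1.0.0",
    "scripts": {"test": "jest", "postinstall": "node setup.js"},
}
SAMPLE_CRATE_FILES = ["Cargo.toml", "build.rs", "src/lib.rs"]

if __name__ == "__main__":
    for finding in audit_npm_manifest(SAMPLE_MANIFEST) + audit_crate_files("example-crate", SAMPLE_CRATE_FILES):
        print(finding)
```

A hook or build.rs is not malicious by itself; the point is to surface every dependency that executes code at install/build time so it can be reviewed, or blocked with npm's `ignore-scripts` setting, before it runs.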

Indicators of Compromise (IOCs)

  • Domain: ddjidd564[.]github[.]io
  • URLs:
    • https[:]//ddjidd564[.]github[.]io/defi-security-best-practices/config.json
    • https[:]//webhook[.]site/2ada14c8-00f6-43ce-9ad6-f5dc15952246 (and similar webhook endpoints)

Security researchers warn the attack underscores the growing sophistication of supply chain threats, with developers in high-value sectors as prime targets.

Source: https://gbhackers.com/34-malicious-packages-steal-cloud-keys/

npm TPRM report: https://www.rankiteo.com/company/npm-inc-

PyPI TPRM report: https://www.rankiteo.com/company/pypi

Crates.io TPRM report: https://www.rankiteo.com/company/socketinc
