
Hackers Compromised 34 Packages in npm, PyPI, and Crates in New Supply Chain Attack

Source: Cybersecurity News · Archived May 25, 2026




By Guru Baran, May 25, 2026

The new TrapDoor supply chain campaign is an active attack deploying 34 malicious packages and over 384 related versions across npm, PyPI, and Crates.io to steal developer credentials and cryptocurrency wallets. The operation explicitly targets developers in the crypto, DeFi, Solana, and AI communities by disguising malware as generic developer tools and security scanners.

The campaign's earliest observed component was the PyPI package eth-security-auditor@0.1.0, published on May 22, 2026, before expanding rapidly into other repositories. Packages were uploaded in distinct waves across all three registries, using deceptive names like prompt-engineering-toolkit, solidity-deploy-guard, and defi-threat-scanner to feign legitimacy within adjacent developer communities.

Socket detected these TrapDoor releases with a median detection time of 5 minutes and 27 seconds, classifying the entire campaign as malicious before widespread adoption could occur.

Cross Ecosystem Attack Vectors

The TrapDoor campaign uses distinct, ecosystem-specific execution paths to maximize its reach during standard developer installation and build workflows. By tailoring the attack vector to each package registry, the threat actor ensures silent execution occurs before developers can properly inspect the underlying dependencies.

Registry Target | Execution Method       | Notable Payload Behavior                                                   | Encryption and Exfiltration
npm             | Postinstall hooks      | Deploys a shared trap-core.js payload for persistent credential harvesting | Uses Fernet and ECDH encryption while validating credentials via API
PyPI            | Auto-execute on import | Downloads a remote JavaScript payload from GitHub Pages via node -e        | Externally hosted payload allows dynamic behavioral updates without new releases
Crates.io       | Rust build.rs scripts  | Actively searches for and targets local Sui and Move developer keystores   | Employs XOR encryption with the hardcoded key cargo-build-helper-2026

TrapDoor attempts to harvest an extensive array of developer data, specifically targeting Sui, Solana, and Aptos crypto wallets, alongside SSH keys, browser profiles, and AWS environment variables. The 1,149-line shared npm payload, trap-core.js, ensures long-term access by establishing persistence through systemd services, cron jobs, Git hooks, and shell hooks. Stolen SSH keys are then repurposed for automated lateral movement, turning single compromised workstations into persistent gateways for broader corporate network breaches.

A defining characteristic of TrapDoor is its deliberate targeting of AI coding assistants via modified .cursorrules and CLAUDE.md project files. The threat actor uses zero-width Unicode characters to obscure malicious prompts, tricking the AI into performing credential exfiltration under the guise of an automated project security scan, Socket said. To scale this attack vector, the attacker used the GitHub account ddjidd564 to submit deceptive pull requests containing these poisoned configuration files to prominent open-source AI projects like LangChain, MetaGPT, and OpenHands.

The attacker maintains a command and control architecture on GitHub Pages, hosting active malicious configuration files alongside a detailed AUDIT-MATRIX.md framework design document. This operational playbook describes a "Universal AI Agent Extraction Framework" that relies on a disguise layer to map stealthy credential theft to seemingly benign developer automation workflows.

To maximize the value of exfiltrated data, the payloads validate stolen AWS and GitHub tokens via live API queries while using cryptography across the different ecosystems to evade standard network detection.
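A defender-side check for the poisoned .cursorrules / CLAUDE.md technique described above, added here as an example (not code from the article or from Socket): it flags Unicode format characters that render as nothing to a human reviewer but are still read by an AI assistant. The file names come from the article; the sample rules file is constructed.

```python
"""Scan AI-assistant instruction files for zero-width / invisible characters."""
import unicodedata
from pathlib import Path

# File names the article reports being modified in deceptive pull requests.
WATCHED_FILES = (".cursorrules", "CLAUDE.md")


def is_invisible(ch, offset):
    """True for Unicode 'format' (Cf) characters: zero-width spaces and
    joiners, word joiners, bidi controls. A BOM as the very first character
    of a file is the one legitimate case and is not flagged."""
    if ch == "\ufeff" and offset == 0:
        return False
    return unicodedata.category(ch) == "Cf"


def scan_text(text):
    """Return (line_no, col, codepoint, name) for every invisible character."""
    hits = []
    offset = 0
    for line_no, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if is_invisible(ch, offset):
                hits.append((line_no, col, f"U+{ord(ch):04X}",
                             unicodedata.name(ch, "UNKNOWN")))
            offset += 1
        offset += 1  # account for the newline removed by split()
    return hits


def visible_text(text):
    """What a human sees: the text with format characters removed. Diffing
    this against the raw file shows exactly what only the model would read."""
    return "".join(ch for i, ch in enumerate(text) if not is_invisible(ch, i))


def scan_tree(root):
    """Scan every watched file under root; returns {relative_path: hits}."""
    root = Path(root)
    findings = {}
    for name in WATCHED_FILES:
        for path in root.rglob(name):
            hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                findings[str(path.relative_to(root))] = hits
    return findings


# Constructed sample: a benign-looking rules file with four zero-width
# characters inserted mid-sentence on line 3; a rendered view shows nothing.
SAMPLE = ("# Project rules\n"
          "Run the linter before committing.\n"
          "Run the security scan\u200b\u200c\u200d\u2060 before merging.\n")

if __name__ == "__main__":
    for line_no, col, cp, name in scan_text(SAMPLE):
        print(f"line {line_no} col {col}: {cp} {name}")
```

Run `scan_tree(".")` from a repository root, or wire it into a pre-receive hook, to fail pull requests that touch these files with hidden characters.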