‘TrapDoor’ malware targets crypto dev tools in supply chain attack
Socket says a campaign of malicious packages is aiming to steal crypto and is injecting hidden instructions that hijack popular AI coding assistants.
An active supply chain attack is targeting crypto and artificial intelligence developers in a bid to steal crypto, data or credentials, says the developer platform Socket.
Socket said in a report on Sunday that it discovered the malware campaign, which it dubbed “TrapDoor,” on Friday, and the campaign has deployed more than 34 malicious packages and 384 related versions, with attackers repeatedly pushing new releases across ecosystems.
TrapDoor targets crypto, decentralized finance, AI, and security developers, stealing wallet data, Secure Shell, or SSH keys, cloud credentials, GitHub tokens, browser extension data and API keys, Socket said.
Source: Cointelegraph →Related News
- 1 hour ago
Crypto entrepreneur Chun Wang joins SpaceX mission to Mars
- 2 hours ago
Bitcoin ETFs' 6 day loss streak pushes market closer to net outflows for 2026
- 3 hours ago
‘Developed ecosystem’ based on crypto has sprung up for AI agents: Report
- 3 hours ago
Kalshi backs prediction markets lobby group with former Trump official
- 5 hours ago
SEC postpones plan allowing 'innovation exemption' for tokenized stocks: Report