FFeel.Trading
News list‘TrapDoor’ malware targets crypto dev tools in supply chain attack
CoinTelegraph2026-05-25 05:25:28

‘TrapDoor’ malware targets crypto dev tools in supply chain attack

AI Impact AnalysisGrok analyzing...
📄Full Article· Automatically extracted by trafilatura1742 words
Source: Socket Crypto and AI developers have increasingly become targets as malicious actors have been loading poisoned packages into “app stores” for developers, knowing they will install them as part of their normal workflow, often without checking. TrapDoor specifically targets popular developer resources such as npm (node package manager), the package store for JavaScript/Node.js developers, the language behind most websites and web apps. It was also found in PyPI, the equivalent for Python developers, which is widely used in data science, AI, and automation, and Crates, the same thing for Rust developers. Related: GitHub investigates unauthorized access to internal repositories The malicious package names are crafted to look like “development helpers, project setup tools, model routing utilities, prompt engineering packages, Solidity tooling, and Sui or Move build helpers,” Socket said. “This gives the campaign broad reach across adjacent developer communities where crypto wallets, cloud credentials, GitHub tokens, and SSH keys are likely to be present,” it added. Developer platform GitHub has been used to disseminate the malicious packages, Socket said, adding the attack appeared to be AI-assisted. “The GitHub activity shows signs of rapid, AI-assisted-style iteration: broad security-themed scaffolding, generic lure repositories, prompt-injection documentation, and partially implemented extraction concepts mixed with working malware components.” GitHub itself was compromised on May 20 when it reported unauthorized access to its internal repositories following the compromise of an employee’s device. Magazine: Polymarket seeks Japan entry, Harvard dumps entire ETH position: Hodler’s Digest More on the subject
Data Status✓ Full text extractedRead Original (CoinTelegraph)
🔍Historical Similar Events· Keyword + Asset Matching6 items
2026-04-23
Bitwarden CLI Supply Chain Attack Puts Crypto Wallet Keys at Risk
Similarity 200%關鍵字 supply/chain/crypto
2026-04-23
Phishing, deepfakes, supply chain attacks to fuel 2026's biggest crypto hacks: CertiK
Similarity 150%關鍵字 supply/chain/crypto
2026-05-22
Kash Patel-Linked Apparel Store Goes Dark After Pushing Crypto-Stealing Malware
Similarity 130%關鍵字 crypto/malware
2026-05-21
Chainlink Sees Historic On-Chain Surge While Exchange Supply Keeps Shrinking – Details
Similarity 130%關鍵字 supply/chain
2026-05-19
BNB Smart Chain Shows Quantum-Safe Crypto Works Despite 50% Throughput Drop
Similarity 130%關鍵字 chain/crypto
2026-05-19
Canaan (CAN) Wins Contract to Supply Crypto Mining Heat to Nordic District Heating Network
Similarity 130%關鍵字 supply/crypto
💡 Currently matching via keywords + symbols (MVP) · Will be upgraded to embedding semantic search later
Raw Information
ID:10f7d23f70
Source:CoinTelegraph
Published:2026-05-25 05:25:28
Category:General · Export Category neutral
Symbols:Unspecified
Community Votes:+0 /0 · ⭐ 0 Important · 💬 0 Comments
‘TrapDoor’ malware targets crypto dev tools in supply chain attack | Feel.Trading