트랩도어 멀웨어: 암호화폐 개발자를 노린 대규모 공급망 공격

📄전체 원문· trafilatura에 의해 자동 추출됨2758 자

Investigators at Soclet have discovered a new supply attack targeting crypto developers using npm, PyPI, and Crates.io packages. The campaign, dubbed Trapdoor, focuses on stealing crypto wallet keys and other secrets from developers in the crypto space. Trapdoor Malware: The Massive Supply Chain Attack Targeting Crypto Developers Key Takeaways - On May 22, Socket found Trapdoor malware infecting 34 developer packages to steal crypto wallets and keys. - Spanning 384 versions, the campaign tricks AI tools and severely impacts the development market. - After a similar September attack, Socket warns developers must next secure AI environments from crypto theft. Supply Chain Attack Scheme Trapdoor Targets Developers For Maximum Performance While some malware campaigns target everyday crypto users, others focus on developers, aiming to capture targets with a higher chance of holding large amounts of cryptocurrency and having access to broader resources. Researchers at Socket, a company that specializes in preventing supply chain attacks, have identified a broad campaign targeting crypto developers using infected packages across npm, PyPI, and Crates.io. Dubbed Trapdoor, the supply chain attack spans 34 packages across these development environments, encompassing over 384 versions, with some still available. Socket reported that the affected packages were published in waves starting on May 22 and then were updated throughout the following weekend. The packages stood out due to their nature, as they allegedly represented generic developer tools and appeared in quick succession across different registries. This gives the campaign “broad reach across adjacent developer communities where crypto wallets, cloud credentials, Github tokens, and SSH keys are likely to be present,” socket assessed. The infected packages invade the development environment of crypto developers, leveraging these alleged open-source tools, taking hold of secrets, crypto wallets, secure shell (SSH) keys, and other relevant data. Trapdoor infected packages also try to leverage AI tools to collaborate with their attack, using directive files to trick AI coding tools to run a security scan and exfiltrate highly sensitive data. Socket stated that while this technique could not work consistently across all AI tools and models, its presence shows that attackers “are actively experimenting with AI development environments as part of supply chain malware campaigns.” Chain attacks are becoming more common. In September, the crypto community was alerted about a similar hack, with several packages used by crypto wallets being compromised and modified to steal cryptocurrency funds from wallets containing bitcoin, ether, and solana, among other digital assets.

데이터 상태✓ 전체 내용 추출 완료원문 읽기 (Bitcoin.com)

🔍과거 유사 사건· 키워드 + 종목 매칭6 건

2026-05-25

‘TrapDoor’ malware targets crypto dev tools in supply chain attack

유사도 330%關鍵字 malware/attack/trapdoor

2026-04-23

Bitwarden CLI 공급망 공격으로 Crypto Wallet Keys 위험 노출

유사도 200%關鍵字 supply/chain/crypto

2026-04-23

피싱, 딥페이크, 공급망 공격이 2026년 최대 규모의 암호화폐 해킹을 주도할 것: CertiK

유사도 150%關鍵字 supply/chain/crypto

2026-05-22