# TrapDoor 惡意軟體已透過至少 34 個惡意套件及 384 個相關版本,在多個軟體生態系中擴散。 *genai · news · 2026-05-25 · Crypto News* ## Key points - TrapDoor 惡意軟體活動已感染 npm、PyPI 及 Crates 上超過 34 個套件及 384 個版本。 - 惡意套件模仿常見工具,針對加密貨幣、人工智慧及安全基礎設施領域的開發者。 - 攻擊者操控 Claude 和 Cursor 等 AI 程式碼助理,透過假冒安全掃描洩漏憑證。 - 與 TrapDoor 相關的 GitHub 倉庫顯示 AI 生成的惡意軟體元件及提示注入文件跡象。 - 近期攻擊日益利用協作應用程式及開源倉庫作為竊取憑證的入口點。 TrapDoor malware has emerged as a new threat to crypto and AI developers after researchers uncovered a supply chain attack designed to steal wallet data, API keys, cloud credentials, and SSH access through poisoned developer packages. According to a report published Sunday by developer security platform Socket, the campaign, dubbed “TrapDoor,” was first identified on Friday and has already spread through at least 34 malicious packages and 384 connected versions across multiple software ecosystems. Socket said the attackers have focused on developers working in cryptocurrency, decentralized finance, artificial intelligence, and security infrastructure, where exposed credentials can provide access to wallets, repositories, cloud environments, and internal systems. Among the targeted services are wallets and platforms linked to Coinbase, Binance, MetaMask, Brave, along with blockchain ecosystems tied to Solana, Sui, and Aptos. Ahmad Nassri, chief technology officer at Socket, said the malware also attempts to manipulate AI coding assistants such as Claude and Cursor by injecting hidden prompts into development workflows. Socket’s report stated that the attackers appear to be pushing AI tools into running fake “security scans” that expose secrets and transmit them back to the operators. Developer package repositories become attack route Inside the campaign, malicious packages were disguised as common development utilities, including project setup tools, model-routing software, Solidity frameworks, prompt-engineering packages, and build helpers for Sui and Move-based applications, according to Socket. The infected packages were discovered across npm, PyPI, and Rust’s Crates ecosystem, giving attackers access to JavaScript, Python, AI, automation, and blockchain development communities at the same time. Socket said the package names were intentionally designed to resemble legitimate software developers might install during normal workflows without noticing suspicious behavior. At the same time, the company said GitHub repositories linked to the operation showed signs of AI-assisted development activity, including rapidly generated lure repositories, partially completed malware components, and prompt-injection documentation built around security themes. Separately, GitHub disclosed on May 20 that unauthorized actors had accessed internal repositories after compromising an employee’s device. Attack vectors continue to evolve The latest campaign follows a growing pattern of attacks targeting crypto developers through trusted workplace tools and professional communication channels. Last month, researchers at Elastic Security Labs detailed a separate operation that used the Obsidian note-taking app to infect cryptocurrency and finance professionals with malware known as PHANTOMPULSE. According to Elastic, the attackers approached victims through LinkedIn and Telegram conversations before directing them to shared Obsidian vaults containing trojanized plugins. Elastic said the malware established a decentralized command-and-control structure using blockchain transaction data spread across three networks, allowing operators to maintain access without relying on centralized servers. Earlier in April, blockchain security firm CertiK warned that North Korea-linked Lazarus Group operators had used fake Zoom meetings, compromised Telegram accounts, and ClickFix-style social engineering tactics to deliver “Mach-O Man” malware to crypto executives and fintech employees on macOS devices. CertiK researcher Natalie Newson connected that activity to recent DeFi exploits tied to Drift and KelpDAO, where attackers allegedly stole hundreds of millions of dollars through social engineering and cross-chain infrastructure abuse. Security researchers have increasingly warned that software supply chains, collaboration apps, AI development tools, and open-source repositories are becoming common entry points for crypto-focused intrusions because developers routinely install third-party packages and plugins with elevated system permissions. **Companies:** Coinbase, Binance, Socket, MetaMask, Brave, Elastic Security Labs, CertiK [Read the full story on Crypto News](https://crypto.news/trapdoor-malware-campaign-steals-crypto-wallet-data-through-fake-developer-tools/) --- Canonical: https://newsio.io/zh-TW/n/7191e7eb-a3d9-4d9c-a654-8ac0d2034874/trapdoor-34-384 Summarized by Newsio from Crypto News. https://newsio.io/how-it-works