• About
  • FAQ
  • Landing Page
Newsletter
Blockchain News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
  • Bitcoin
  • Ethereum
  • Regulation
  • Market
  • Blockchain
  • Business
  • Guide
  • Contact Us
No Result
View All Result
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
  • Bitcoin
  • Ethereum
  • Regulation
  • Market
  • Blockchain
  • Business
  • Guide
  • Contact Us
No Result
View All Result
Blockchain News
No Result
View All Result
Home Bitcoin

TrapDoor malware targets Solana, Sui, Aptos wallet data

admin by admin
05/30/2026
in Bitcoin
0
TrapDoor malware targets Solana, Sui, Aptos wallet data
189
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter

Related articles

Ripple nearly shut down over SEC lawsuit, CEO says

Ripple nearly shut down over SEC lawsuit, CEO says

07/14/2026
SWIFT Launches Blockchain Payment System With 17 Global Banks

SWIFT Launches Blockchain Payment System With 17 Global Banks

07/13/2026



Stake Banner

A new crypto-theft campaign is targeting developers who likely have wallet keys, cloud credentials, and production access on their machines. Researchers at security firm Socket reported earlier this week that they identified a supply-chain attack called TrapDoor spreading across three major open-source programming registries. The attack includes more than 34 malicious packages with hundreds of related versions and artifacts.

A key takeaway is that attackers are becoming more focused. Beyond social engineering that targets individuals holding key information, supply-chain attacks are built not to catch random retail users but developers. Those are the very people who may have wallet files, SSH keys, GitHub tokens, cloud credentials, and production access on the same machine they use to build crypto and AI tools.

Socket did not identify specific victims or stolen funds. But the company said the packages were live across npm, PyPI, and Crates.io. These packages contained payloads that could steal wallet data, exfiltrate credentials, test AWS and GitHub tokens, and leave behind files to keep access active.

Boring by design

The packages were programmed in JavaScript, Python, and Rust. They were disguised as developer helpers, security scanners, wallet tools, Solidity utilities, AI prompt packages, and Sui or Move build helpers. The names were intentionally boring: “wallet-security-checker,” “defi-risk-scanner,” “solidity-build-guard,” “move-compiler-tools,” and “llm-context-compressor.” These looked like the kind of small utilities a crypto or AI developer might install without much thought.

Once installed, however, the payloads tried to pull far more than package data. In the npm packages, the malware searched a developer’s machine for private keys, passwords, GitHub tokens, and cloud logins. It also tested some stolen credentials, tried to move into other systems through SSH keys, and left behind files that could keep the infection active.

SSH keys are login files that developers use to access servers, code repositories, and other machines. If stolen, they can let an attacker move from one compromised laptop into a company’s wider infrastructure.

AI tools as attack vectors

The attack also uses files such as .cursorrules and claude.md, which allow developers to give project-specific instructions to AI coding tools. Socket said the campaign planted hidden instructions using zero-width Unicode characters. These appear to try making future AI assistant sessions run fake “security scans” that collected and exfiltrated secrets.

That turned the attack from a normal package stealer into something closer to developer-environment malware. The package install is only the first step. The real target is the workstation: wallets, repos, browser data, cloud keys, SSH access, and whatever AI coding tools read next.

The Rust packages used malicious build.rs scripts to run during compilation, targeting Sui and Move developers. PyPI packages executed remote JavaScript on import. Packages on npm used postinstall hooks.

Socket said it reported the packages to affected registries and classified the campaign packages as malicious. The company also warned that the attacker opened pull requests to AI and developer projects, trying to add .cursorrules and CLAUDE.md files through normal open-source contribution paths.

Loading



Source link

Share76Tweet47

Related Posts

Ripple nearly shut down over SEC lawsuit, CEO says

Ripple nearly shut down over SEC lawsuit, CEO says

by admin
07/14/2026
0

&#...

SWIFT Launches Blockchain Payment System With 17 Global Banks

SWIFT Launches Blockchain Payment System With 17 Global Banks

by admin
07/13/2026
0

SWIFT, the backbone ...

Ledger researchers find laser attack flaw in Tangem wallet cards

Ledger researchers find laser attack flaw in Tangem wallet cards

by admin
07/12/2026
0

&#...

US-Iran Tensions Drag Bitcoin Down to $62,000

US-Iran Tensions Drag Bitcoin Down to $62,000

by admin
07/11/2026
0

Escalating tensions ...

Crypto Gaming Is Moving From Fast Deposits to Verifiable Play

Crypto Gaming Is Moving From Fast Deposits to Verifiable Play

by admin
07/10/2026
0

For years, crypto ga...

Load More
  • Trending
  • Comments
  • Latest
BoE Opens Review on Pound-Linked Stablecoin Rules

BoE Opens Review on Pound-Linked Stablecoin Rules

11/16/2025
Jeff Bezos Returns to Lead AI Venture, Project Prometheus

Jeff Bezos Returns to Lead AI Venture, Project Prometheus

11/17/2025
AVAX Drops 6% Following $30M Token Unlock as Crypto Markets Face Stock Volatility

AVAX Drops 6% Following $30M Token Unlock as Crypto Markets Face Stock Volatility

11/17/2025

High-Speed Traders In Search of New Markets Jump Into Bitcoin

01/11/2023

US Commodities Regulator Beefs Up Bitcoin Futures Review

0

Bitcoin Hits 2018 Low as Concerns Mount on Regulation, Viability

0

India: Bitcoin Prices Drop As Media Misinterprets Gov’s Regulation Speech

0

Bitcoin’s Main Rival Ethereum Hits A Fresh Record High: $425.55

0
Intelligent Smart Contracts: AI Meets Blockchain

Intelligent Smart Contracts: AI Meets Blockchain

07/14/2026
Anthropic’s Claude Opus 4.5 Launch Signals AI Arms Race Intensifying

Anthropic Launches Claude for Teachers with Free AI Tools

07/14/2026
Ripple nearly shut down over SEC lawsuit, CEO says

Ripple nearly shut down over SEC lawsuit, CEO says

07/14/2026
– PrimaFelicitas

– PrimaFelicitas

07/13/2026
  • About
  • FAQ
  • Support Forum
  • Landing Page
  • Contact Us

© 2025 Blockchainews. All Rights Reserved

No Result
View All Result
  • Contact Us
  • Homepages
  • Business
  • Guide

© 2025 Blockchainews. All Rights Reserved