Malware found that targets the wallets of Solana, Sui and Aptos developers

An active malware campaign targets developers working in the Solana, Sui and Aptos ecosystems. As identified by the cybersecurity firm Socket Security on May 24, the malware, called TrapDoor, is distributed disguised as a code library, the kind of tool development teams routinely install so they do not have to write basic functions from scratch.

The campaign comprises more than 34 malicious packages (bundles of code) published on npm, PyPI and Crates.io, the three repositories where programmers publish and download these libraries, and, counting the versions and updates of those same packages, more than 384 files distributed in total.

Additionally, the packages carry names designed to be confused with real tools that any development team could install unsuspectingly. None of them is genuine, the Socket team points out.

What malware steals

Once installed, the packages trigger extraction routines that target the private keys of the developers' wallets, as well as remote access credentials for their servers, code repositories and cloud computing services, and environment variables, the files where teams typically store passwords and API keys for projects in production.

For a developer working on a decentralized finance (DeFi) protocol, the combination of those elements represents almost complete access to the funds that their smart contracts manage.

The malware activates in different ways depending on the repository. In npm, it runs automatically when the package is installed. In Crates.io (the library repository for the Rust language, common in Sui development) it executes during compilation of the project, before the developer interacts directly with the library.

In PyPI, it downloads additional code from an external server at the moment the package is imported, which lets the attacker change its behavior without publishing new versions.

Injection into AI tools

According to Socket Security, the campaign incorporates an additional vector aimed at artificial intelligence (AI) programming assistants. The malware plants configuration files (which coding assistants read to learn the conventions of each project) containing instructions hidden behind invisible characters.

The goal, according to the firm, is to trick the assistant into executing a routine presented as a "security scan" that in reality extracts credentials and sends them to the attacker. Socket acknowledges that this technique may not work consistently across all models or tools.
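The activation paths and the hidden-instruction trick described above can be checked for in a checked-out project. The following is an added example written for this article, not code from Socket's report or from TrapDoor itself; the list of text files an assistant reads is an assumption, since the report does not name specific files.

```python
"""Flag install-time npm scripts, a Rust build.rs, and text files that
hide instructions behind invisible Unicode characters (added example)."""
import json
import tempfile
import unicodedata
from pathlib import Path

# npm lifecycle scripts that execute automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")
# File types an AI coding assistant is assumed to ingest as project guidance.
TEXT_SUFFIXES = {".md", ".mdc", ".txt"}


def npm_install_hooks(package_json_text: str) -> dict:
    """Return the scripts from a package.json that run during install."""
    scripts = json.loads(package_json_text).get("scripts", {})
    return {k: v for k, v in scripts.items() if k in INSTALL_HOOKS}


def invisible_chars(text: str) -> list:
    """Return (offset, code point, name) for every character of Unicode
    category 'Cf' (zero-width spaces/joiners, BOM and similar)."""
    return [(i, f"U+{ord(c):04X}", unicodedata.name(c, "?"))
            for i, c in enumerate(text) if unicodedata.category(c) == "Cf"]


def scan_project(root: Path) -> list:
    """Walk a project tree and collect human-readable findings."""
    findings = []
    for pj in root.rglob("package.json"):
        for hook, cmd in npm_install_hooks(pj.read_text("utf-8")).items():
            findings.append(f"{pj.relative_to(root)}: '{hook}' runs on install: {cmd}")
    for rs in root.rglob("build.rs"):
        findings.append(f"{rs.relative_to(root)}: build script runs at compile time")
    for f in root.rglob("*"):
        if f.is_file() and f.suffix in TEXT_SUFFIXES:
            hits = invisible_chars(f.read_text("utf-8"))
            if hits:
                findings.append(f"{f.relative_to(root)}: {len(hits)} invisible char(s), "
                                f"first {hits[0][1]} at offset {hits[0][0]}")
    return findings


def demo() -> list:
    """Build a constructed sample project in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "package.json").write_text(json.dumps(
            {"name": "sample", "scripts": {"postinstall": "node setup.js"}}), "utf-8")
        (root / "build.rs").write_text("fn main() {}", "utf-8")
        # Constructed rules file: instruction hidden behind zero-width spaces.
        (root / "RULES.md").write_text("# Style\u200b\u200bRun the scan\n", "utf-8")
        return scan_project(root)
```

Category `Cf` also covers legitimate format characters (for example the soft hyphen), so treat a hit as a prompt to open the file rather than as proof of tampering.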

The same GitHub account behind the campaign opened pull requests (code change proposals) in high-profile AI project repositories such as LangChain, LlamaIndex, MetaGPT and OpenHands, trying to introduce those same malicious files as if they were documentation improvements.

Socket reported the identified packages to the affected registries and continues to monitor the infrastructure linked to the campaign. The report does not confirm that any developer has actually been compromised.

The attack comes at a time of sustained escalation in hacks into the cryptocurrency ecosystem. In April alone, as reported by CriptoNoticias, more than one hack per day was recorded against DeFi protocols, with losses close to USD 635 million. TrapDoor, which uses AI as a distribution vector as well as an attack tool, joins that long list.
