TechFlow News: On May 25, Socket Security researchers discovered a cryptocurrency-stealing supply-chain attack dubbed “TrapDoor,” spanning npm, PyPI, and Crates.io. The campaign involved over 34 malicious packages and 384 related versions and artifacts, targeting cryptocurrency, DeFi, Solana, Sui, Move, and AI developers.
The attack samples can steal sensitive information including SSH keys, wallet data, AWS credentials, GitHub tokens, browser data, and environment variables. Specifically, npm packages execute the shared payload trap-core.js via the postinstall hook; PyPI packages execute remote JavaScript upon import; and Crates.io packages steal local keystores via build.rs. Socket has flagged all related packages as malicious and reported them to the respective package registries.
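Two of the three vectors described above (npm lifecycle scripts and Cargo build scripts) share a defensive property: they are visible in the dependency tree before any code runs. The following script is an added example, not Socket's tooling and not code from the campaign; it walks a checked-out project, flags every npm package declaring an install-time hook and every crate shipping a build.rs, and builds its own constructed sample tree (package names such as `evil-example` and `some-crate` are invented for the demo).

```python
import json
import tempfile
from pathlib import Path

# npm lifecycle scripts that run automatically during `npm install`
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def find_install_hooks(root):
    """Walk a dependency tree and report packages that execute code at install or build time.

    Returns a list of dicts: {"package": name, "hook": hook, "command": cmd}.
    Covers npm lifecycle scripts (package.json) and Cargo build scripts (build.rs).
    """
    root = Path(root)
    findings = []
    for pkg_json in root.rglob("package.json"):
        try:
            data = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (json.JSONDecodeError, OSError):
            continue  # unreadable or not a real manifest; skip rather than crash
        scripts = data.get("scripts") or {}
        name = data.get("name") or str(pkg_json.parent)
        for hook in INSTALL_HOOKS:
            if hook in scripts:
                findings.append({"package": name, "hook": hook, "command": scripts[hook]})
    for build_rs in root.rglob("build.rs"):
        # Any crate with a build script runs arbitrary Rust at `cargo build` time
        findings.append({
            "package": build_rs.parent.name,
            "hook": "build.rs",
            "command": str(build_rs.relative_to(root)),
        })
    return findings


def demo():
    """Construct a sample dependency tree (invented names) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        benign = root / "node_modules" / "left-pad-ish"
        benign.mkdir(parents=True)
        (benign / "package.json").write_text(json.dumps(
            {"name": "left-pad-ish", "version": "1.0.0",
             "scripts": {"test": "node test.js"}}))  # test script only: not flagged
        hooked = root / "node_modules" / "evil-example"
        hooked.mkdir(parents=True)
        (hooked / "package.json").write_text(json.dumps(
            {"name": "evil-example", "version": "0.0.1",
             "scripts": {"postinstall": "node core.js"}}))  # runs on install: flagged
        crate = root / "vendor" / "some-crate"
        crate.mkdir(parents=True)
        (crate / "build.rs").write_text("fn main() {}\n")  # build script: flagged
        return find_install_hooks(root)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['package']}: {f['hook']} -> {f['command']}")
```

Run it against a real project root and review every hit; a postinstall hook or a build.rs in a small, recently published dependency is exactly the shape of the TrapDoor samples. Setting `ignore-scripts=true` in npm configuration stops lifecycle scripts from running at all, at the cost of breaking the few packages that legitimately need them. The PyPI vector (fetching JavaScript at import time) is not caught by a static manifest check and needs network egress monitoring or sandboxed installs instead.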