TrapDoor Malware Targets Crypto Developers Across Aptos, Sui And Solana


A new supply-chain malware campaign named TrapDoor is targeting crypto and AI developer environments through malicious packages published across npm, PyPI and Crates.io.

The campaign spans more than 34 malicious packages and 384 related versions, with payloads designed to steal SSH keys, wallet data, AWS credentials, GitHub tokens, browser profiles, API keys, environment variables and local development configuration files. The affected package names were built to look like developer helpers, wallet safety tools, security scanners, Solidity utilities, AI prompt tools and Move build packages.

The crypto targets are specific. TrapDoor searches for wallet and keystore data tied to Solana, Sui and Aptos, while also going after broader wallet-extension data and developer credentials that can unlock repositories, cloud accounts or deployment systems.

The campaign matters because it sits inside normal developer workflows. A compromised dependency can execute during install, import or build, long before a developer realizes a package is malicious. That makes TrapDoor more dangerous than a simple phishing link or fake wallet app.

Malware Uses Install Hooks, Build Scripts And AI Injection

The npm side of TrapDoor uses postinstall hooks to run a shared payload named trap-core.js. That payload scans for credentials, validates stolen AWS and GitHub tokens, attempts SSH-based lateral movement and plants persistence through Git hooks, shell hooks, cron jobs, systemd services and AI-assistant instruction files.

Crates.io packages target Sui and Move developers through malicious build.rs scripts. In Rust projects, build.rs can run automatically during compilation, giving the attacker a direct route to local wallet keystores before the developer runs the final software.

PyPI packages add another execution path by downloading and running remote JavaScript during import. That lets the attacker update behavior from outside the package registry without publishing a new Python package version.

TrapDoor also experiments with AI-assisted development environments. Hidden instructions planted in files such as .cursorrules and CLAUDE.md attempt to push coding assistants toward fake “security scan” workflows that expose secrets. That links the campaign to a broader security shift already visible in recent research on malicious AI agent routers and crypto theft.
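The two install-time execution paths described above, npm lifecycle scripts and Cargo build.rs scripts, can be enumerated in a checked-out tree before anything is trusted. The following auditor is an added example, not code from the article, from any registry or from any vendor tool: the regex heuristics, the package names, the directory layout and the `demo()` helper are all assumptions constructed for illustration, and the only identifier taken from the article is the payload file name trap-core.js.

```python
"""Audit a checked-out tree for the two install-time execution paths described
above: npm lifecycle scripts and Cargo build.rs scripts.  Added example, not
the article's or any registry's own tooling; the patterns are heuristics and
the sample package names are constructed placeholders."""
import json
import os
import re
import tempfile
from pathlib import Path

# npm runs these script keys during install, before the developer imports anything.
LIFECYCLE_KEYS = ("preinstall", "install", "postinstall", "prepare")
# Commands that fetch or decode code at install time, or hand off to a script file
# (the article's shared payload trap-core.js is started this way).
RISKY_CMD = re.compile(r"\b(curl|wget|base64|eval|node\s+\S+\.js)\b")
# A build.rs has no reason to read the home directory, spawn processes or open sockets.
RISKY_BUILD_RS = re.compile(
    r'env::var\("HOME"\)|home_dir\(\)|std::net|process::Command|reqwest|ureq')


def audit_package_json(path: Path) -> list[dict]:
    """Findings for lifecycle scripts declared in one package.json."""
    try:
        manifest = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return []
    scripts = manifest.get("scripts") or {}
    pkg = manifest.get("name", path.parent.name)
    out = []
    for key in LIFECYCLE_KEYS:
        cmd = scripts.get(key)
        if cmd:
            sev = "high" if RISKY_CMD.search(cmd) else "review"
            out.append({"kind": "npm-lifecycle", "package": pkg, "file": str(path),
                        "detail": f"{key}: {cmd}", "severity": sev})
    return out


def audit_build_rs(path: Path) -> list[dict]:
    """One finding if a Cargo build script matches the risky markers."""
    try:
        src = path.read_text(encoding="utf-8", errors="replace")
    except OSError:
        return []
    hits = sorted({m.group(0) for m in RISKY_BUILD_RS.finditer(src)})
    if not hits:
        return []
    return [{"kind": "cargo-build-script", "package": path.parent.name,
             "file": str(path), "detail": "build.rs uses " + ", ".join(hits),
             "severity": "high"}]


def audit_dependency_tree(root: Path) -> list[dict]:
    """Walk root (node_modules/, a Cargo registry src/ dir, a vendor/ tree)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if name == "package.json":
                findings.extend(audit_package_json(p))
            elif name == "build.rs":
                findings.extend(audit_build_rs(p))
    return sorted(findings, key=lambda f: f["package"])


def build_sample_tree(root: Path) -> None:
    """Constructed sample: a benign npm package, one with a postinstall hook that
    runs a separate script, and a crate whose build.rs reads HOME and spawns a shell."""
    benign = root / "node_modules" / "example-benign-helper"
    benign.mkdir(parents=True)
    (benign / "package.json").write_text(json.dumps(
        {"name": "example-benign-helper", "scripts": {"test": "node test.js"}}))
    hooked = root / "node_modules" / "example-wallet-safety-tool"
    hooked.mkdir(parents=True)
    (hooked / "package.json").write_text(json.dumps(
        {"name": "example-wallet-safety-tool", "scripts": {"postinstall": "node trap-core.js"}}))
    crate = root / "cargo-src" / "example-move-build-0.1.0"
    crate.mkdir(parents=True)
    (crate / "build.rs").write_text(
        'fn main() {\n'
        '    let _home = std::env::var("HOME").unwrap_or_default();\n'
        '    let _ = std::process::Command::new("sh").arg("-c").arg("true").status();\n'
        '    println!("cargo:rerun-if-changed=build.rs");\n'
        '}\n')


def demo() -> list[dict]:
    """Build the sample tree in a temp dir and return the audit findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(Path(tmp))
        return audit_dependency_tree(Path(tmp))


if __name__ == "__main__":
    for f in demo():
        print(f"[{f['severity']}] {f['kind']} {f['package']}: {f['detail']}")
```

Run it against a project's node_modules/ and the Cargo registry source directory after a fresh install; a package that declares any lifecycle script is listed for review, and one whose script shells out to a separate file or a downloader, or whose build.rs reaches for HOME or a subprocess, is marked high. Remember that npm can be told to skip lifecycle scripts entirely with `npm install --ignore-scripts`, and that Cargo build scripts are only triggered by `cargo build`, so reviewing them first and building second is the safe order.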

Crypto Supply Chains Remain Under Pressure

TrapDoor is the latest sign that attackers are moving deeper into developer infrastructure rather than only targeting deployed smart contracts or end-user wallets. The same pattern appeared in a recent GitHub and Packagist supply-chain attack that hid a Linux payload inside package install flows, and in the Bitwarden CLI supply-chain incident that exposed developer environments and automated build pipelines to risk.

For Aptos, Sui and Solana developers, the immediate risk is local key exposure. Test wallets, deployer wallets, SSH keys and cloud tokens often sit on the same machines used to build and ship software. Once those secrets are stolen, attackers can pivot from one developer laptop into repositories, CI/CD systems, infrastructure accounts and production deployments.

The same risk extends beyond one chain. JavaScript, Python and Rust package ecosystems are used across wallets, DeFi apps, exchanges, bridges, explorers and infrastructure teams. A malicious helper package only needs a few successful installs inside the right environment to become a serious operational breach.

Developers Need To Treat Packages As Attack Surfaces

The defensive steps are practical and urgent. Crypto teams should audit recent dependency installs, remove the listed TrapDoor packages, rotate exposed SSH keys, revoke GitHub and cloud tokens, check wallet keystore access, inspect Git hooks and shell profiles, and review CI/CD logs for unexpected outbound connections.

Teams using AI coding tools should also check project instruction files for hidden or unexpected content, especially .cursorrules, CLAUDE.md and similar files that shape assistant behavior. TrapDoor shows that AI development workflows are now part of the attack surface, not just productivity tools.

The campaign has already been reported to affected registries, but the larger lesson is not limited to the first 34 packages. Crypto developers are being targeted at the dependency, build and AI-assistant layers because those layers sit closest to wallet keys, deployment credentials and production infrastructure. The next major crypto compromise may not start onchain at all. It may start with a package that looks useful enough to install.

The post TrapDoor Malware Targets Crypto Developers Across Aptos, Sui And Solana appeared first on Crypto Adventure.
