TrapDoor Supply Chain Attack Spans npm, PyPI, Crates.io
Key insights
- TrapDoor deployed 34 malicious packages across 384 versions spanning npm, PyPI, and Crates.io in a single coordinated campaign.
- Each ecosystem's native execution hook was abused: npm postinstall scripts, Python import-time code, and Rust build.rs build scripts, giving silent, zero-interaction code execution.
- Stolen SSH keys, cloud credentials, wallets, and browser credentials were exfiltrated via GitHub Pages and webhook.site to evade detection.
Why this matters
TrapDoor demonstrates that one actor can run simultaneous campaigns across three major developer package ecosystems, using each platform's own execution model (install scripts, import-time code, build scripts) as the delivery mechanism, which removes any assumption that spreading dependencies across registries provides meaningful security isolation. AI and cryptocurrency developers are disproportionately exposed because these communities depend heavily on third-party packages, so a single compromised dependency can yield SSH keys, cloud tokens, API credentials, and wallet keys in one automated sweep. Security teams that rely on network-based detection alone get little signal from this attack class because TrapDoor routed exfiltration through widely trusted platforms such as GitHub Pages and webhook.site, whose domains are rarely blocked or flagged by perimeter monitoring.
Summary
TrapDoor planted 34 malicious packages across 384 versions on npm, PyPI, and Crates.io, targeting AI, cryptocurrency, DeFi, and cloud developers.
The attack abused each ecosystem's native execution hook: npm lifecycle scripts (postinstall) that run during npm install, Python code placed where it runs when the package is imported, and Rust build.rs scripts that cargo compiles and runs at build time. In every case the malicious code ran silently, with no user interaction beyond adding the dependency.
Essentially: all three major registries were hit simultaneously, each with a platform-tailored exfiltration technique.
- npm's token-usage-tracker: the most advanced variant, deploying Fernet encryption and persistence via shell config and Git hook modification
- PyPI's git-config-sync: swept .ssh, .aws, .docker, and .kube credential directories and disabled TLS verification
- Crates.io's sui-framework-helpers: targeted blockchain wallets using XOR obfuscation
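The three hooks listed above are the first thing to audit in a dependency tree. The script below is an added example, not code from the original report or from any of the packages it names: it walks a vendored tree (node_modules for npm, a cargo vendor directory for crates, a site-packages directory for Python), lists every npm lifecycle script, every crate build script, and every setup.py or __init__.py containing heuristic indicators such as verify=False, credential-directory names, or process spawning. The fixture it builds (demo-hooked, demo-crate, demo_sync and their clean neighbours) is constructed for the demonstration, and the token list is a heuristic starting point, not a signature for TrapDoor.

```python
"""Audit a vendored dependency tree for the hooks TrapDoor abused (added example;
the fixture packages and file contents are constructed, not the real packages)."""
import json
import os
import re
import tempfile

# Lifecycle scripts npm runs during `npm install` without prompting.
NPM_LIFECYCLE = ("preinstall", "install", "postinstall", "prepare")
# Heuristic tokens out of place in install-, build- or import-time code.
# A match is a lead for manual review, not proof of malice.
SUSPICIOUS = re.compile(
    r"subprocess|os\.system|urllib|requests\.|socket\.|base64\.b64decode"
    r"|\beval\(|\bexec\(|verify\s*=\s*False|_create_unverified_context"
    r"|\.ssh\b|\.aws\b|\.kube\b|\.docker\b|process::Command|TcpStream"
    r"|curl |wget |webhook\.site|github\.io")

def _suspicious_lines(path):
    """(line_no, text) for every line of path matching SUSPICIOUS."""
    hits = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for no, line in enumerate(fh, 1):
            if SUSPICIOUS.search(line):
                hits.append((no, line.strip()))
    return hits

def npm_install_hooks(root):
    """(name, hook, command) for each package.json declaring a lifecycle script."""
    findings = []
    for dirpath, _, files in os.walk(root):
        if "package.json" not in files:
            continue
        with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
            try:
                meta = json.load(fh)
            except ValueError:
                continue
        scripts = meta.get("scripts") or {}
        for hook in NPM_LIFECYCLE:
            if hook in scripts:
                findings.append((meta.get("name", dirpath), hook, scripts[hook]))
    return findings

def rust_build_scripts(root):
    """(crate, script path, flagged lines) for crates with build.rs or Cargo.toml build=."""
    findings = []
    for dirpath, _, files in os.walk(root):
        if "Cargo.toml" not in files:
            continue
        script = os.path.join(dirpath, "build.rs") if "build.rs" in files else None
        if script is None:  # a build script may hide under another name via `build = "..."`
            with open(os.path.join(dirpath, "Cargo.toml"), encoding="utf-8") as fh:
                m = re.search(r'^\s*build\s*=\s*"([^"]+)"', fh.read(), re.M)
            script = os.path.join(dirpath, m.group(1)) if m else None
        if script and os.path.isfile(script):
            findings.append((os.path.basename(dirpath), script, _suspicious_lines(script)))
    return findings

def python_import_side_effects(root):
    """(path, flagged lines) for setup.py (runs at install) and __init__.py (runs on import)."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in ("setup.py", "__init__.py"):
            if name in files:
                hits = _suspicious_lines(os.path.join(dirpath, name))
                if hits:
                    findings.append((os.path.join(dirpath, name), hits))
    return findings

def audit_tree(root):
    return {"npm": npm_install_hooks(root), "rust": rust_build_scripts(root),
            "python": python_import_side_effects(root)}

def build_fixture(base):
    """Constructed tree: one hooked package per ecosystem plus clean neighbours."""
    def put(rel, text):
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    put("node_modules/demo-hooked/package.json",
        json.dumps({"name": "demo-hooked", "scripts": {"postinstall": "node setup.js"}}))
    put("node_modules/demo-clean/package.json",
        json.dumps({"name": "demo-clean", "scripts": {"test": "jest"}}))
    put("vendor/demo-crate/Cargo.toml", '[package]\nname = "demo-crate"\n')
    put("vendor/demo-crate/build.rs",
        'fn main() {\n    let home = std::env::var("HOME"); // later reads ~/.ssh\n}\n')
    put("site-packages/demo_sync/__init__.py",
        "import requests\nrequests.get('https://example.invalid/', verify=False)\n")
    put("site-packages/demo_ok/__init__.py", "VERSION = '1.0'\n")
    return base

def demo_results():
    """Run the audit over the constructed fixture in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_tree(build_fixture(tmp))

if __name__ == "__main__":
    for ecosystem, items in demo_results().items():
        print(ecosystem, items)
```

Run it as-is to see the fixture findings, or call audit_tree() on a real project checkout. A lifecycle script or build.rs with no flagged lines still deserves a read: the report says the variants used Fernet encryption and XOR obfuscation, which a plain token scan will not see.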
SSH keys, cloud credentials, API tokens, cryptocurrency wallets, and browser credentials were exfiltrated through GitHub Pages and webhook.site, services whose traffic blends in with ordinary developer activity and is rarely blocked by security monitoring.
Potential risks and opportunities
Risks
- Developers who installed any of the 34 packages before removal may still carry the persistence mechanisms (modified shell configuration and Git hooks) and have credential exfiltration ongoing; the article describes no mechanism for notifying victims.
- Organizations using Crates.io for Rust-based DeFi or blockchain tooling face undetected wallet-key exposure if sui-framework-helpers was pulled in via transitive dependency trees.
- Security teams that rely on TLS traffic inspection gain little here: git-config-sync disabled TLS certificate verification, so its outbound connections succeed even through an intercepting proxy that presents a private certificate, and because the destinations are widely used services such as GitHub Pages and webhook.site, the decrypted traffic is unlikely to be flagged.
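For a machine that installed one of the affected packages, the practical questions are whether the persistence the report describes (shell config and Git hook modification) is present and which credential stores need rotating. The triage script below is an added example, not tooling from the original report. The home directory it inspects is constructed for the demonstration, the indicator list holds only the two hosts the article names (the ddjidd564 GitHub Pages site and webhook.site), and the core.hooksPath check is an addition covering a common form of Git hook persistence that the article does not mention.

```python
"""Triage a developer home directory for the persistence points and exfil hosts
the report describes (added example; the home directory below is constructed)."""
import os
import re
import tempfile

# Exfil hosts named in the report (defanged there as ddjidd564[.]github[.]io).
INDICATORS = re.compile(r"ddjidd564\.github\.io|webhook\.site", re.I)
# Startup files an interactive shell sources: persistence via "shell config".
SHELL_RC = (".bashrc", ".bash_profile", ".profile", ".zshrc", ".zprofile")
# Hooks git runs on everyday actions: persistence via "Git hook modification".
GIT_HOOKS = ("pre-commit", "post-commit", "post-checkout", "post-merge", "pre-push")
# Stores the report says git-config-sync swept; if present, rotate what they hold.
CRED_DIRS = (".ssh", ".aws", ".docker", ".kube")

def scan_file(path):
    """(line_no, text) for every line of path that references an indicator."""
    hits = []
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for no, line in enumerate(fh, 1):
                if INDICATORS.search(line):
                    hits.append((no, line.strip()))
    except OSError:  # file absent or unreadable: nothing to report
        pass
    return hits

def shell_rc_hits(home):
    return {rc: hits for rc in SHELL_RC if (hits := scan_file(os.path.join(home, rc)))}

def git_hook_hits(home):
    """Indicator hits in hooks of every .git/hooks directory under home."""
    found = {}
    for dirpath, _, files in os.walk(home):
        parent, leaf = os.path.split(dirpath)
        if leaf != "hooks" or os.path.basename(parent) != ".git":
            continue
        for name in files:
            if name in GIT_HOOKS:
                path = os.path.join(dirpath, name)
                hits = scan_file(path)
                if hits:
                    found[os.path.relpath(path, home).replace(os.sep, "/")] = hits
    return found

def global_hooks_path(home):
    """core.hooksPath in ~/.gitconfig: one hook directory applied to every repo."""
    try:
        with open(os.path.join(home, ".gitconfig"), encoding="utf-8") as fh:
            m = re.search(r"^\s*hooksPath\s*=\s*(\S+)", fh.read(), re.M)
    except OSError:
        return None
    return m.group(1) if m else None

def exposed_credential_dirs(home):
    return [d for d in CRED_DIRS if os.path.isdir(os.path.join(home, d))]

def triage(home):
    return {"shell_rc": shell_rc_hits(home), "git_hooks": git_hook_hits(home),
            "global_hooks_path": global_hooks_path(home),
            "rotate": exposed_credential_dirs(home)}

def build_fixture(home):
    """Constructed home: one rc beacon, one hooked repo, a global hooksPath, two cred dirs."""
    def put(rel, text):
        path = os.path.join(home, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    put(".zshrc", "export PATH=$HOME/bin:$PATH\n"
        "curl -s https://ddjidd564.github.io/ >/dev/null 2>&1 &  # constructed\n")
    put(".bashrc", "alias ll='ls -la'\n")
    put("proj/.git/hooks/post-commit", "#!/bin/sh\ncurl -s https://webhook.site/\n")
    put(".gitconfig", "[core]\n\thooksPath = ~/.githooks\n")
    os.makedirs(os.path.join(home, ".ssh"))
    os.makedirs(os.path.join(home, ".aws"))
    return home

def demo_results():
    """Run the triage over the constructed home in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return triage(build_fixture(tmp))

if __name__ == "__main__":
    for key, value in demo_results().items():
        print(key, value)
```

Point triage() at a real home directory after reviewing the indicator list. An empty result does not clear the host, since a variant using other hosts or obfuscated hook bodies would not match, but any hit is reason to rotate everything held under the listed credential directories and to remove the offending rc lines and hooks.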
Opportunities
- Supply-chain security vendors such as Chainguard, Socket.dev, and Snyk can position real-time package vetting tools to AI and crypto developer teams now acutely aware of the tri-ecosystem attack surface.
- Package registry operators at npm, PyPI, and Crates.io have direct justification to fast-track mandatory provenance attestation and build.rs sandboxing policies in response to TrapDoor.
- Secrets-management vendors like HashiCorp Vault and 1Password Secrets Automation gain a concrete urgency argument with developer teams that handled affected packages and need immediate credential rotation.
What we don't know yet
- Attribution: the article identifies infrastructure at ddjidd564[.]github[.]io but names no threat group, country, or government affiliation behind TrapDoor.
- Whether npm, PyPI, and Crates.io maintainers have confirmed all 34 packages and 384 version artifacts were fully removed from their registries as of June 2026.
- Total number of developer machines or organizations confirmed compromised before the campaign was discovered and disclosed.
Originally reported by blog.rankiteo.com
Original headline: TrapDoor Supply Chain Attack: 34 Malicious Packages Hit npm, PyPI, and Crates.io Simultaneously, Targeting AI and Cloud Developer Toolchains