A coordinated campaign called TrapDoor targeted three major developer ecosystems: npm, PyPI, and Crates.

A coordinated campaign called TrapDoor targeted three major developer ecosystems: npm, PyPI, and Crates.io. Researchers reported more than 34 malicious packages across over 384 versions, aimed especially at crypto, DeFi, Solana, and AI developers. The malware was designed to steal developer secrets, crypto wallets, SSH keys, cloud credentials, browser data, and environment variables, and some payloads attempted persistence through Git hooks, cron, systemd, and SSH-based lateral movement