TrapDoor Malware: Crypto & AI Devs Targeted via Packages

A new malware campaign called 'TrapDoor' is targeting software developers in cryptocurrency, decentralized finance, and artificial intelligence. Cybersecurity firm Socket warns that attackers are uploading malicious packages to popular developer libraries like npm and PyPI. Here's the thing: developers who download these seemingly legitimate packages unknowingly infect their systems. Once active, TrapDoor acts as an info-stealer, designed to extract sensitive data. It specifically targets cryptocurrency wallet extensions like MetaMask and Phantom, along with SSH keys and GitHub authentication tokens. What's interesting is that by capturing these credentials, attackers can gain unauthorized access to digital assets and source code, potentially leading to asset theft. This highlights a growing trend in software supply chain threats. The bottom line: developers in these sectors must exercise caution and verify package integrity to prevent financial loss and data breaches.