TrapDoor malware spreads through fake developer tools to steal crypto wallet data and developer credentials

Researchers uncovered a supply-chain malware campaign called TrapDoor that spread through npm, PyPI, and Rust packages. The malicious tools stole wallet data, API keys, cloud credentials, SSH keys, GitHub tokens, and browser data from crypto, DeFi, AI, and security developers. They may also use hidden prompts to trigger fake security scans and exfiltrate secrets.
AI Analysis
The article describes an active malware campaign stealing wallet data and multiple credentials from developers through widely used package ecosystems, which is directly negative and potentially disruptive. It is high impact because it involves crypto wallet data theft and supply-chain compromise affecting developers.