- Researchers discover 34 malicious packages from TrapDoor malware targeting Aptos, Sui, and Solana ecosystems.
- The packages are designed to steal developers’ crypto wallets, SSH keys, cloud credentials, browser data, and environment variables.
Researchers from Socket Security have issued a warning to communities in the Aptos, Sui, and Solana ecosystems. A new malware called TrapDoor is targeting these ecosystems by injecting malicious packages into code repositories like npm, PyPI, and Crates.io. Concealed in files such as AI assistant instruction files and automation scripts, the malware can steal crypto wallets, cloud tokens, and access keys from developer workstations.
The researchers noted that the earliest releases of the malware were observed on Friday at 20:20 UTC, with more published in quick succession, suggesting the attack was coordinated, not opportunistic. The TrapDoor malware was built to search compromised computers for sensitive data, including SSH keys, AWS credentials, GitHub tokens, browser login data, API keys, and crypto wallet files associated with Sui, Solana, and Aptos development environments.
Crypto users and platforms have been targeted by malware campaigns before. Scammers have used phishing emails and fake downloads for years, and now they are widening the net to include builders. Crypto wallets, cloud credentials, and AI tooling make these developers good targets.
TrapDoor Manipulates AI Tools
One of the most unusual aspects of the TrapDoor campaign was its attempt to manipulate AI coding assistants. The attackers added hidden instructions into files commonly used by AI development tools. Those instructions attempted to convince AI assistants to perform fake “security scans” that would expose sensitive local files and credentials.
Socket noted that the malware used zero-width Unicode characters to conceal some of these instructions from human review while still making them readable to certain AI systems.
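The hiding technique described above is easy to check for locally. The following Python script is an added example, not part of the article or of Socket’s tooling: it scans text (for instance an AI assistant rules file before it is committed or trusted) for the zero-width code points the article mentions, and also for Unicode tag characters, an adjacent "invisible text" trick the article does not describe. It reports where the invisible code points sit, renders them visibly for a reviewer, and decodes any tag-character payload. The sample file content, the file name and the function names are constructed for the example.

```python
import unicodedata
from dataclasses import dataclass

# Zero-width and otherwise invisible code points that are commonly used to hide
# text from a human reader while leaving it in the byte stream a tool consumes.
ZERO_WIDTH = {
    0x200B,  # ZERO WIDTH SPACE
    0x200C,  # ZERO WIDTH NON-JOINER
    0x200D,  # ZERO WIDTH JOINER
    0x2060,  # WORD JOINER
    0x2061,  # FUNCTION APPLICATION (invisible operator)
    0x2062,  # INVISIBLE TIMES
    0x2063,  # INVISIBLE SEPARATOR
    0x2064,  # INVISIBLE PLUS
    0xFEFF,  # ZERO WIDTH NO-BREAK SPACE (BOM when not at file start)
    0x180E,  # MONGOLIAN VOWEL SEPARATOR
}
# Unicode "tag" block U+E0000..U+E007F: each code point mirrors an ASCII byte and
# renders as nothing, so a whole sentence can be smuggled invisibly. Not
# mentioned by the article; included here as a related check.
TAG_FIRST, TAG_LAST = 0xE0000, 0xE007F


@dataclass
class Finding:
    line_no: int
    col: int
    codepoint: int
    name: str


def is_invisible(ch: str) -> bool:
    cp = ord(ch)
    return cp in ZERO_WIDTH or TAG_FIRST <= cp <= TAG_LAST


def scan_text(text: str) -> list[Finding]:
    """Return one Finding per invisible code point, with 1-based line/column."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if is_invisible(ch):
                findings.append(
                    Finding(line_no, col, ord(ch), unicodedata.name(ch, "UNKNOWN"))
                )
    return findings


def reveal(text: str) -> str:
    """Render each invisible code point as an escape so a reviewer can see it."""
    return "".join(f"\\u{{{ord(ch):04X}}}" if is_invisible(ch) else ch for ch in text)


def strip_invisible(text: str) -> str:
    """Remove invisible code points; what remains is what a human actually read."""
    return "".join(ch for ch in text if not is_invisible(ch))


def decode_tag_payload(text: str) -> str:
    """Map tag characters back to the ASCII they mirror (U+E0041 -> 'A')."""
    out = []
    for ch in text:
        cp = ord(ch)
        if TAG_FIRST + 0x20 <= cp <= TAG_FIRST + 0x7E:
            out.append(chr(cp - TAG_FIRST))
    return "".join(out)


# Constructed sample of an AI assistant rules file. Line 3 carries four
# zero-width characters; line 4 carries the word "hidden" as tag characters.
SAMPLE_RULES = (
    "# Project assistant rules (constructed sample)\n"
    "Prefer TypeScript strict mode.\n"
    "Run the linter before committing.\u200b\u200c\u200d\u200b\n"
    "Keep functions small." + "".join(chr(TAG_FIRST + ord(c)) for c in "hidden") + "\n"
)


def report(text: str, label: str = "constructed.cursorrules") -> int:
    """Print findings for one file's text and return how many were found."""
    findings = scan_text(text)
    for f in findings:
        print(f"{label}:{f.line_no}:{f.col}: U+{f.codepoint:04X} {f.name}")
    payload = decode_tag_payload(text)
    if payload:
        print(f"{label}: tag-character payload: {payload!r}")
    return len(findings)


if __name__ == "__main__":
    n = report(SAMPLE_RULES)
    print(f"{n} invisible code point(s) found")
    print("--- revealed ---")
    print(reveal(SAMPLE_RULES))
```

Run it over a real repository by reading each candidate file with `open(path, encoding="utf-8")` and passing the text to `report`; a non-zero count in a rules or prompt file is worth a manual look, and `strip_invisible` gives the reviewer the text as it appeared on screen so the two versions can be diffed.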
As AI-assisted coding accelerates software development, companies are increasingly relying on open-source dependencies, automated package installations, and AI-generated workflows. This means they are now vulnerable to attacks that exploit this convenience.
Socket’s platform is now calling on developers in the affected ecosystems to run tests to detect this malware. Its detection systems identified TrapDoor releases within minutes of publication across multiple registries. It further noted that it has classified all identified packages as malicious and continues to track and report on related versions and infrastructure associated with the campaign.
As ETHNews reported in March, another report recently identified a similar security threat. OX Security has identified a widespread phishing campaign targeting developers who interact with OpenClaw, an open-source AI agent project with 324,000 GitHub stars, using fake token airdrop offers to drain crypto wallets and steal SSH credentials.
Security has become a major concern for crypto this year, with nearly a dozen exploits draining close to $1 billion from DeFi protocols. Cross-chain bridges have been the most common target, leading to a migration from LayerZero bridging to more secure alternatives such as Chainlink’s CCIP. Over $4 billion in crypto assets have moved to Chainlink in the past month alone.