PANews
PANews|5月 25, 2026 01:36
[Cryptocurrency-Stealing Program TrapDoor Targets Three Major Code Repositories, 34 Malicious Packages Detected] Security company Socket Security has disclosed an active supply chain attack named TrapDoor targeting software package repositories such as npm, PyPI, and Crates.io. So far, 34 malicious packages and 384 versions and components have been identified, with attackers continuously pushing new versions across various ecosystems. TrapDoor primarily targets developers in the cryptocurrency, DeFi, AI, and security sectors, stealing wallets, SSH keys, cloud credentials, GitHub tokens, browser data, environment variables, and API keys. Socket detected the median time to identify malicious versions as 5 minutes and 27 seconds, with the fastest detection occurring 58 seconds after release.
+4
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads