PANews|5月 25, 2026 01:36
[Cryptocurrency-Stealing Program TrapDoor Targets Three Major Code Repositories, 34 Malicious Packages Detected]
Security company Socket Security has disclosed an active supply chain attack named TrapDoor targeting software package repositories such as npm, PyPI, and Crates.io. So far, 34 malicious packages and 384 versions and components have been identified, with attackers continuously pushing new versions across various ecosystems. TrapDoor primarily targets developers in the cryptocurrency, DeFi, AI, and security sectors, stealing wallets, SSH keys, cloud credentials, GitHub tokens, browser data, environment variables, and API keys. Socket detected the median time to identify malicious versions as 5 minutes and 27 seconds, with the fastest detection occurring 58 seconds after release.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink