SECURITYCOINTELEGRAPH
‘TrapDoor’ malware targets crypto dev tools in supply chain attack
A campaign named 'TrapDoor' is using malicious packages to target cryptocurrency development tools in a supply chain attack, aiming to steal crypto assets by injecting hidden instructions that hijack popular AI coding assistants. Socket has reported this threat, highlighting the exploitation of AI tools to facilitate the theft.
Mentioned
Related Signal
Adjacent reporting
- Ongoing supply-chain attack 'explicitly targeting' security, dev tools
- Developer Workstations Are Now Part of the Software Supply Chain
- Telegram Mini Apps abused for crypto scams, Android malware delivery
- Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
- Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines
- ‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack