Dossier
credential-stealing malware
Coverage of credential-stealing malware in the Nexus archive.
- TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
A coordinated cross-ecosystem supply chain attack named TrapDoor has distributed credential-stealing malware through npm, PyPI, and Crates.io, involving over 34 malicious packages across 384 versions. The campaign began on May 22, 2026, with packages published in waves from a cluster of sources.
- Laravel Lang packages hijacked to deploy credential-stealing malware
A supply chain attack exploited Laravel Lang localization packages by hijacking GitHub version tags to distribute credential-stealing malware via Composer packages, exposing developers to a sophisticated malware campaign.