Cybersecurity researchers have uncovered a major software supply chain attack that targeted crypto and artificial intelligence (AI) developers across several popular open-source platforms. Security firm SlowMist said the campaign, known as “TrapDoor,” spread through malicious software packages uploaded to npm, PyPI, and Crates.io, exposing crypto wallets, cloud credentials, and sensitive developer access keys.
The warning came after security platform Socket first identified the operation on May 24. Researchers said attackers uploaded more than 34 malicious packages and 384 infected versions disguised as legitimate developer tools. The campaign mainly targeted teams building crypto, DeFi, Solana, Sui, and AI-related applications.
According to SlowMist, the attackers inserted hidden malicious code directly into the installation and build processes. Consequently, the malware activated automatically once developers downloaded dependencies or opened compromised projects inside coding environments. Researchers described the incident as one of the largest cross-platform supply chain attacks seen in 2026 because the same infrastructure operated across multiple programming ecosystems.
Attackers exploited trusted developer tools
SlowMist said the attackers used trusted developer services such as GitHub Pages, GitHub Gists, and webhook.site to disguise malicious traffic as normal coding activity. The malware reportedly stole SSH keys, browser session data, AWS credentials, crypto wallet files, and API tokens before sending the information to remote servers controlled by the attackers.
Researchers also found strong connections between the Python and npm versions of the malware through shared infrastructure linked to the domain ddjidd564.github.io. However, the Rust-based sample showed fewer similarities, even though it targeted many of the same crypto-focused developers.
According to SlowMist, the npm version appeared to be the most sophisticated part of the operation. Besides stealing credentials, the malware altered Git hooks, shell profiles, and files linked to AI coding assistants, including .cursorrules and CLAUDE.md. Researchers said the attackers also tried to spread malicious instructions through AI-assisted coding workflows using hidden zero-width characters and prompt injection methods.
AI coding assistants become a new security risk
Researchers warned that the campaign exposed growing risks for developers who increasingly depend on AI coding assistants in daily workflows. According to SlowMist, the malware carried hidden instructions designed to influence tools such as Cursor and Claude Code during future coding sessions, potentially allowing malicious behavior to spread beyond the initial infection.
The report said the attackers turned routine software package installations into long-term access points inside developer systems. Moreover, the malware quietly restored itself through shell scripts and Git-related operations without drawing attention from users.
SlowMist urged affected developers to rotate credentials immediately, remove compromised packages, and scan systems for indicators linked to the “P-2024-001” marker and associated domains.
Also Read: HTX Says Frozen Funds Restored After “Technical Mishap” Sparks Chaos
