By using this site, you agree to the Privacy Policy and Terms of Use.
Accept

INTRODUCTING BNB NEWS – READ

BNB News
  • News
    NewsShow More
    Trump Lets CBDC Ban Become Law Without Signature, Pocket Veto Avoided
    Trump Lets CBDC Ban Become Law Without Signature, Pocket Veto Avoided
    July 10, 2026
    SEC Clears T. Rowe Price Multi-Asset Crypto ETF With XRP, SOL, LINK, ADA
    SEC Clears T. Rowe Price Multi-Asset Crypto ETF With XRP, SOL, LINK, ADA
    June 17, 2026
    Tether Declines MiCA Compliance, USDT Vanishes from EU Exchanges
    Tether Declines MiCA Compliance, USDT Vanishes from EU Exchanges
    June 16, 2026
    SBI Shinsei Bank Launches Crypto Interest Conversion Pilot in Japan
    SBI Shinsei Bank Launches Crypto Interest Conversion Pilot in Japan
    June 15, 2026
    Walmart Reportedly Moves to Accept Bitcoin and Ethereum In-Store
    Walmart Reportedly Moves to Accept Bitcoin and Ethereum In-Store
    June 12, 2026
  • Crypto
    CryptoShow More
    Trump Lets CBDC Ban Become Law Without Signature, Pocket Veto Avoided
    Trump Lets CBDC Ban Become Law Without Signature, Pocket Veto Avoided
    July 10, 2026
    SEC Clears T. Rowe Price Multi-Asset Crypto ETF With XRP, SOL, LINK, ADA
    SEC Clears T. Rowe Price Multi-Asset Crypto ETF With XRP, SOL, LINK, ADA
    June 17, 2026
    Tether Declines MiCA Compliance, USDT Vanishes from EU Exchanges
    Tether Declines MiCA Compliance, USDT Vanishes from EU Exchanges
    June 16, 2026
    SBI Shinsei Bank Launches Crypto Interest Conversion Pilot in Japan
    SBI Shinsei Bank Launches Crypto Interest Conversion Pilot in Japan
    June 15, 2026
    Walmart Reportedly Moves to Accept Bitcoin and Ethereum In-Store
    Walmart Reportedly Moves to Accept Bitcoin and Ethereum In-Store
    June 12, 2026
  • Blockchain
    BlockchainShow More
    Mastercard Wires Stablecoin Settlement Into Core Infrastructure Across Eight Chains
    Mastercard Wires Stablecoin Settlement Into Core Infrastructure Across Eight Chains
    June 4, 2026
    Alephium TokenBridge Drained for $815K After Guardians Compromised
    Alephium TokenBridge Drained for $815K After Guardians Compromised
    May 30, 2026
    TrapDoor Malware Hits Aptos, Sui, and Solana Devs With 34 Poisoned Packages
    TrapDoor Malware Hits Aptos, Sui, and Solana Devs With 34 Poisoned Packages
    May 25, 2026
    Uniswap's $UNI Token Goes Live on Solana Through Sunrise Finance Bridge
    Uniswap’s $UNI Token Goes Live on Solana Through Sunrise Finance Bridge
    May 22, 2026
    Binance Ships x402 Protocol for Machine-to-Machine Payments on BNB Chain
    Binance Ships x402 Protocol for Machine-to-Machine Payments on BNB Chain
    May 19, 2026
  • Market
    MarketShow More
    Trump Lets CBDC Ban Become Law Without Signature, Pocket Veto Avoided
    Trump Lets CBDC Ban Become Law Without Signature, Pocket Veto Avoided
    July 10, 2026
    SEC Clears T. Rowe Price Multi-Asset Crypto ETF With XRP, SOL, LINK, ADA
    SEC Clears T. Rowe Price Multi-Asset Crypto ETF With XRP, SOL, LINK, ADA
    June 17, 2026
    Tether Declines MiCA Compliance, USDT Vanishes from EU Exchanges
    Tether Declines MiCA Compliance, USDT Vanishes from EU Exchanges
    June 16, 2026
    SBI Shinsei Bank Launches Crypto Interest Conversion Pilot in Japan
    SBI Shinsei Bank Launches Crypto Interest Conversion Pilot in Japan
    June 15, 2026
    Walmart Reportedly Moves to Accept Bitcoin and Ethereum In-Store
    Walmart Reportedly Moves to Accept Bitcoin and Ethereum In-Store
    June 12, 2026
Reading: TrapDoor Malware Hits Aptos, Sui, and Solana Devs With 34 Poisoned Packages
Share

You have not selected any currencies to display

BNB NewsBNB News
Font ResizerAa
  • News
  • Crypto
  • Blockchain
  • Market
Search
  • News
  • Crypto
  • Blockchain
  • Market
Follow US
© BNB News. All Rights Reserved.
BNB News > Blockchain > TrapDoor Malware Hits Aptos, Sui, and Solana Devs With 34 Poisoned Packages
BlockchainCryptoNews

TrapDoor Malware Hits Aptos, Sui, and Solana Devs With 34 Poisoned Packages

Forest
Last updated: May 25, 2026 4:14 pm
Forest Published May 25, 2026
Share
TrapDoor Malware Hits Aptos, Sui, and Solana Devs With 34 Poisoned Packages
Security firm Socket detected TrapDoor, a supply chain attack across npm, PyPI, and Crates.io targeting crypto devs. 34 malicious packages steal SSH keys, wallet credentials, and GitHub tokens.

A coordinated supply chain attack is spreading malicious code across the developer ecosystems for Aptos, Sui Network, and Solana, with security researchers detecting 34 malicious packages and 384 versions designed to drain wallets and steal credentials.

Contents
Persistence and Lateral MovementSame Playbook, New Scale

Socket Security flagged the campaign, dubbed TrapDoor, across npm, PyPI, and Crates.io, with a median detection time of five minutes and 27 seconds. The fastest catch came 58 seconds after publication. Several packages remained live as of Sunday.

The attack targets crypto, DeFi, AI, and security developers. Once installed, the packages execute scripts that scan for SSH keys, wallet data, cloud credentials, GitHub tokens, browser profiles, environment variables, and API keys. Rust-based payloads on Crates.io specifically hunt for Sui and Move keystores, encrypt the data with a hardcoded XOR key, and exfiltrate to GitHub Gists. Python packages on PyPI auto-execute on import, download remote JavaScript from an attacker-controlled GitHub Pages domain, and run it via node. npm packages use postinstall hooks to pull down the same payload.

Persistence and Lateral Movement

TrapDoor establishes persistence through cron jobs, systemd services, and Git hooks. Stolen SSH keys enable lateral movement across developer networks. AWS and GitHub credentials expose private repositories, CI/CD pipelines, and deployment environments. The campaign validates stolen credentials in real time by calling AWS and GitHub APIs.

One novel vector: the malware implants .cursorrules and CLAUDE.md files with hidden instructions encoded in zero-width Unicode characters. The goal is to trick AI coding assistants, Cursor, Claude, into running what appears to be a security scan that silently exfiltrates secrets. Pull requests containing these payloads have appeared in repositories for browser-use, langchain-ai, and langflow-ai.

Same Playbook, New Scale

Supply chain attacks on package managers aren’t new, but TrapDoor combines typosquatting, ecosystem-specific execution hooks, and AI assistant injection in a single campaign. External payload hosting on GitHub Pages lets attackers update malicious behavior without publishing new package versions, complicating remediation.

Developers who installed suspicious packages should rotate AWS keys, GitHub tokens, and SSH keys immediately. Lockfiles deserve audits for unexpected version changes. AI configuration files, .cursorrules, CLAUDE.md, should be inspected for hidden characters. The campaign underscores a risk that’s been theoretical until now: AI development environments as part of the attack surface.

Your npm install is now part of your threat model. The package you trusted yesterday might be malware today.

You Might Also Like

Trump Lets CBDC Ban Become Law Without Signature, Pocket Veto Avoided

SEC Clears T. Rowe Price Multi-Asset Crypto ETF With XRP, SOL, LINK, ADA

Tether Declines MiCA Compliance, USDT Vanishes from EU Exchanges

SBI Shinsei Bank Launches Crypto Interest Conversion Pilot in Japan

Walmart Reportedly Moves to Accept Bitcoin and Ethereum In-Store

TAGGED:aptosdevelopersmalwaresecuritysolanasui
Previous Article Trump Administration Backs Bitcoin Real Estate as $4.2M Home Closes Trump Administration Backs Bitcoin Real Estate as $4.2M Home Closes
Next Article MicroStrategy Reports 13.3% BTC Yield YTD, Holdings Hit 843,738 Bitcoin MicroStrategy Reports 13.3% BTC Yield YTD, Holdings Hit 843,738 Bitcoin
Popular News
BNB Awaits Bitcoin’s Halving: A Look at Market Movements
Trump Lets CBDC Ban Become Law Without Signature, Pocket Veto Avoided
Trump Lets CBDC Ban Become Law Without Signature, Pocket Veto Avoided
SquadSwap: The Rising Star of DEXs on BNBChain, Empowering Community Through Innovation and Rewards

You Might Also Like

Japan Slashes Crypto Tax to 20%, Reclassifies Bitcoin Under Securities Law
BitcoinCryptoMarketNews

Japan Slashes Crypto Tax to 20%, Reclassifies Bitcoin Under Securities Law

June 11, 2026
CME Group Launches Multi-Asset Crypto Index Futures With Nasdaq
CryptoMarketNewsTrading

CME Group Launches Multi-Asset Crypto Index Futures With Nasdaq

June 10, 2026
First Fannie Mae Mortgage Closes With Bitcoin Collateral via Coinbase
BitcoinBusinessCoinbaseNews

First Fannie Mae Mortgage Closes With Bitcoin Collateral via Coinbase

June 8, 2026
Mastercard Wires Stablecoin Settlement Into Core Infrastructure Across Eight Chains
BlockchainBusinessCryptoNews

Mastercard Wires Stablecoin Settlement Into Core Infrastructure Across Eight Chains

June 4, 2026

Follow Us on Socials

We use social media to react to breaking news, update supporters and share information

X-twitter Telegram
BNB News
Your New Destination for
Crypto and Blockchain Updates

Contact Us

Privacy Policy

Terms of Use

Subscribe to our newsletter

You can be the first to find out the latest news and tips about trading, markets...

    © BNB News. All Rights Reserved.
    Welcome Back!

    Sign in to your account

    Lost your password?