Socket Security has revealed that the TrapDoor theft program is conducting supply chain attacks on major code repositories, including npm, PyPI, and Crates.io. The campaign involves 34 malicious packages and 384 versions and artifacts, specifically targeting developers in the cryptocurrency, DeFi, AI, and security sectors. The attacks aim to steal sensitive information such as wallets, SSH keys, cloud credentials, and GitHub tokens.
The median detection time for these malicious versions is 5 minutes and 27 seconds, with the fastest detection recorded at just 58 seconds. This rapid detection highlights the ongoing efforts to mitigate the impact of such attacks on developers and their projects.
TrapDoor Stealer Targets npm, PyPI, and Crates.io with Malicious Packages
Aviso legal: El contenido de Phemex News es únicamente informativo.No garantizamos la calidad, precisión ni integridad de la información procedente de artículos de terceros.El contenido de esta página no constituye asesoramiento financiero ni de inversión.Le recomendamos encarecidamente que realice su propia investigación y consulte con un asesor financiero cualificado antes de tomar cualquier decisión de inversión.