Socket identified TrapDoor, an active cross-ecosystem crypto stealer campaign spanning npm, PyPI, and Crates.io that uses malicious developer tools to steal wallets, SSH keys, cloud credentials, browser data, and environment variables. The operation is tied to the GitHub account ddjidd564, uses the marker P-2024-001, and abuses AI-facing files like .cursorrules and CLAUDE.md for persistence and hidden prompt injection. #TrapDoor #ddjidd564 #P-2024-001 #eth-security-auditor #trap-core.js
Keypoints
- TrapDoor is a coordinated supply chain campaign affecting npm, PyPI, and Crates.io with more than 34 malicious packages and 384+ related versions and artifacts.
- The campaign targets developers in crypto, DeFi, Solana, AI, Sui, and Move communities by posing as legitimate development helpers and build tools.
- It steals high-value data including wallet seeds/keystores, SSH keys, AWS credentials, GitHub tokens, browser data, API keys, and environment variables.
- npm packages use postinstall hooks to run a shared payload called trap-core.js, which harvests credentials, validates tokens, and attempts lateral movement and persistence.
- Crates.io packages abuse build.rs during Rust compilation to exfiltrate local keystores, while PyPI packages execute remote JavaScript on import.
- The campaign uses AI-focused persistence and injection via .cursorrules and CLAUDE.md, including hidden Unicode instructions and attacker-hosted configuration.
- Infrastructure links the activity to the GitHub account ddjidd564, the domain ddjidd564.github.io, and the campaign marker P-2024-001.
MITRE Techniques
- [T1204.002 ] User Execution: Malicious File â PyPI packages execute attacker-supplied code when imported, causing remote JavaScript to run via node -e (âdownload JavaScript from the attacker-controlled GitHub Pages domain, and run it using node -eâ).
- [T1059.007 ] Command and Scripting Interpreter: JavaScript â The campaign relies on JavaScript payloads in npm and PyPI to perform credential theft and follow-on actions (âshared trap-core.js payloadâ, âdownload JavaScript ⌠and run itâ).
- [T1059.006 ] Command and Scripting Interpreter: Python â Python package import time is used as an execution path to trigger malicious behavior (âPyPI packages that execute remote JavaScript payloads on importâ).
- [T1068 ] Exploitation for Privilege Escalation â The npm payload attempts SSH-based lateral movement to expand access after stealing keys (âattempts SSH-based lateral movementâ).
- [T1552.001 ] Unsecured Credentials: Credentials In Files â The malware scans local files and environments for secrets and configuration data (âscans for credentialsâ, âLocal development configuration filesâ).
- [T1552.004 ] Unsecured Credentials: Private Keys â It steals SSH keys and wallet keystores/private material from developer systems (âSSH keysâ, âSui, Solana, and Aptos wallet dataâ).
- [T1528 ] Steal Application Access Token â The payload validates and steals AWS and GitHub tokens to access cloud and code assets (âvalidates stolen credentials using AWS and GitHub API callsâ).
- [T1119 ] Automated Collection â The malicious code systematically gathers browser data, environment variables, keys, and credentials at scale (âcredential harvesterâ, âcollect a broad set of developer secretsâ).
- [T1546.001 ] Event Triggered Execution: Change Default File Association / Hook â npm persistence uses Git hooks, shell hooks, cron, and systemd mechanisms to maintain execution (âGit hooksâ, âShell hookâ, âsystemd servicesâ, âcron jobsâ).
- [T1547.001 ] Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder â The campaign establishes persistence through system startup-style mechanisms including systemd and cron (âsystemd servicesâ, âcron jobsâ).
- [T1053.003 ] Scheduled Task/Job: Cron â The malware uses cron jobs for persistence and repeated execution (âcron jobsâ).
- [T1053.006 ] Scheduled Task/Job: Systemd Service â It plants systemd services to keep the payload active (âsystemd servicesâ).
- [T1027 ] Obfuscated Files or Information â Hidden/bidirectional Unicode and zero-width characters are used to disguise malicious instructions (âhidden or bidirectional Unicode textâ, âzero-width Unicode charactersâ).
- [T1566.001 ] Phishing: Spearphishing Attachment â The attacker uses AI-facing project files as a lure for hidden instructions in repos (âdocs: add .cursorrulesâ, âdocs: add CLAUDE.mdâ).
- [T1218 ] System Binary Proxy Execution â build.rs and package lifecycle hooks are used as trusted execution paths inside package tooling (âuse build.rsâ, âpostinstall executionâ).
Indicators of Compromise
- [Domains / URLs ] Attacker infrastructure and payload hosting â ddjidd564[.]github[.]io, ddjidd564[.]github[.]io/defi-security-best-practices/
- [GitHub account ] Account used to host payloads, config, and PR activity â ddjidd564
- [Campaign marker ] Identifier reused across components and PRs â P-2024-001
- [File names ] Persistence, AI-injection, and payload files â trap-core.js, .cursorrules, CLAUDE.md
- [Package name ] First observed PyPI package â [email protected]
- [XOR key ] Hardcoded key used in Crates.io payload encryption â cargo-build-helper-2026
- [Content size ] Shared payload size noted in analysis â trap-core.js size: 48485 bytes
- [Package ecosystems ] Malicious package families across registries â npm packages such as dev-env-bootstrapper and wallet-security-checker, PyPI package eth-security-auditor, and Crates.io package move-analyzer-build
Read more: https://socket.dev/blog/trapdoor-crypto-stealer-npm-pypi-crates