TrapDoor malware targets developer workstations across code platforms

Security researchers have identified TrapDoor, a malicious package campaign spanning over 34 packages across npm, PyPI, and Crates.io repositories. The malware targets developer workstations to steal sensitive credentials including AWS keys, GitHub tokens, SSH keys, and cryptocurrency wallet data. The campaign exploits common development workflows like npm postinstall scripts and Rust build scripts, making detection difficult. Notably, TrapDoor also attempts to compromise AI coding assistants by modifying configuration files with hidden instructions to trick them into exposing secrets. The campaign highlights growing risks to developer environments, which contain access to source code, cloud infrastructure, and CI/CD pipelines. Compromising a single workstation could give attackers broader access to organizational systems. Source: The Register.