TrapDoor malware campaign puts developer workstations in CISO spotlight
A malicious package campaign across npm, PyPI, and Crates.io has put developer workstations back under scrutiny, after researchers said it targeted developer workflows and AI coding assistant files.
Researchers at Socket said the campaign, which they are tracking as TrapDoor, “spans more than 34 malicious packages and 384+ related versions and artifacts” across the three open-source ecosystems.
The packages were designed to steal developer secrets, including AWS credentials, GitHub tokens, SSH keys, browser data, environment variables, crypto wallets, and local development configuration files, according to Socket.
The findings indicate a bigger concern than just another malicious package inc...