A coordinated supply chain attack dubbed TrapDoor has deployed credential-stealing malware across three major package ecosystems. Threat actors distributed malicious code through 34 packages spanning over 384 versions on npm, PyPI, and Crates.io.

The campaign began May 22, 2026, with attackers publishing malicious packages in waves. The malware targets credential theft, making it a direct threat to developers and organisations that depend on these package managers.

npm serves JavaScript and Node.js projects. PyPI hosts Python packages. Crates.io distributes Rust libraries. Each ecosystem supports millions of developers worldwide. A successful infiltration at this scale means compromised credentials could unlock access to downstream systems, CI/CD pipelines, cloud environments, and production infrastructure.

The TrapDoor campaign exploited a common attack vector. Developers install packages from these repositories assuming the registry has vetted them. In reality, attackers registered legitimate-sounding package names or typosquatted popular libraries. Once installed, the malware silently harvests credentials including API keys, authentication tokens, and environment variables.

The multi-ecosystem approach multiplies the attack surface. Organisations using JavaScript, Python, and Rust in the same codebase face triple exposure. A single developer environment running all three languages could execute malware from any of the poisoned packages.

Red flags for organisations include unexpected package installations, unusual network activity from build systems, and credentials appearing in attacker infrastructure. Security teams should immediately audit dependency trees, revoke exposed credentials, and scan logs for malicious package execution.
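The typosquatting vector and the dependency-tree audit recommended above both reduce to the same task: enumerate every pinned package in the three lockfile formats and flag names that are on an advisory blocklist or sit within one edit of a well-known library. The script below is an added illustration, not code from the article or from any vendor report on TrapDoor; the article names none of the 34 packages, so the lockfile contents, the blocklist entries and the "popular" reference names are all constructed placeholders, and the edit-distance threshold of 1 is an assumption chosen to catch single-character swaps and transpositions.

```python
import json
import re

# Constructed sample lockfiles. The campaign's real package names are not
# given in the article, so every name below is a placeholder.
PACKAGE_LOCK_JSON = """{
  "name": "demo-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app"},
    "node_modules/lodash": {"version": "4.17.21"},
    "node_modules/lodahs": {"version": "1.0.3"},
    "node_modules/express/node_modules/debug": {"version": "2.6.9"}
  }
}"""

REQUIREMENTS_TXT = """requests==2.31.0
reqeusts==0.0.1
totally-legit-helper==3.2.0
"""

CARGO_LOCK = """version = 3

[[package]]
name = "serde"
version = "1.0.197"

[[package]]
name = "serde-helper-evil"
version = "0.1.0"
"""

# Placeholder blocklist per ecosystem; in practice this is populated from an advisory feed.
BLOCKLIST = {"npm": set(), "pypi": {"totally-legit-helper"}, "crates": {"serde-helper-evil"}}
# Well-known names per ecosystem, used as reference points for typosquat detection.
POPULAR = {"npm": {"lodash", "express", "debug"}, "pypi": {"requests"}, "crates": {"serde"}}


def parse_package_lock(text):
    """npm lockfile v2/v3: keys are paths such as node_modules/a/node_modules/b."""
    deps = []
    for path, meta in json.loads(text).get("packages", {}).items():
        if not path:
            continue  # the empty key is the root project itself
        name = path.rsplit("node_modules/", 1)[-1]
        deps.append(("npm", name, meta.get("version", "")))
    return deps


def parse_requirements(text):
    """requirements.txt pinned lines; comments, blanks and unpinned lines are skipped."""
    deps = []
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_.\-]+)\s*==\s*([^\s;#]+)", line)
        if m:
            deps.append(("pypi", m.group(1).lower(), m.group(2)))
    return deps


def parse_cargo_lock(text):
    """Cargo.lock [[package]] tables, read with a small regex so no TOML library is needed."""
    deps = []
    for block in re.split(r"^\[\[package\]\]\s*$", text, flags=re.M)[1:]:
        name = re.search(r'^name\s*=\s*"([^"]+)"', block, re.M)
        ver = re.search(r'^version\s*=\s*"([^"]+)"', block, re.M)
        if name:
            deps.append(("crates", name.group(1), ver.group(1) if ver else ""))
    return deps


def osa_distance(a, b):
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def audit(deps, blocklist=BLOCKLIST, popular=POPULAR, max_dist=1):
    """Return findings: blocklisted packages and near-misses of well-known names."""
    findings = []
    for eco, name, version in deps:
        if name in blocklist.get(eco, ()):
            findings.append({"eco": eco, "name": name, "version": version, "reason": "blocklisted"})
            continue
        known = popular.get(eco, ())
        if name in known:
            continue  # the genuine package, not a lookalike
        near = sorted(p for p in known if osa_distance(name, p) <= max_dist)
        if near:
            findings.append({"eco": eco, "name": name, "version": version,
                             "reason": "typosquat-suspect", "near": near})
    return findings


def run_audit():
    deps = (parse_package_lock(PACKAGE_LOCK_JSON) + parse_requirements(REQUIREMENTS_TXT)
            + parse_cargo_lock(CARGO_LOCK))
    return audit(deps)


if __name__ == "__main__":
    for finding in run_audit():
        print(finding)
```

On the constructed input the audit reports four packages: two typosquat suspects (one npm, one PyPI) and two blocklisted entries. A typosquat hit is only a lead, not a verdict; the next step is to compare the flagged package's publisher, release history and install scripts against the genuine library before revoking any credentials the build environment exposed.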

Package managers rely on community reporting and automated scanning to catch malicious uploads. TrapDoor's 34-package footprint suggests detection gaps persisted for extended periods. The spread across 384 versions indicates either rapid iteration or multiple attack campaigns under a single designation.

Developers should verify package authent