Socket says a campaign of malicious packages is aiming to steal crypto and is injecting hidden instructions that hijack popular AI coding assistants.
An active supply chain attack is targeting crypto and artificial intelligence developers in a bid to steal crypto, data or credentials, says the developer platform Socket.
Socket said in a report on Sunday that it discovered the malware campaign, which it dubbed “TrapDoor,” on Friday, and the campaign has deployed more than 34 malicious packages and 384 related versions, with attackers repeatedly pushing new releases across ecosystems.
TrapDoor targets crypto, decentralized finance, AI, and security developers, stealing wallet data, Secure Shell, or SSH keys, cloud credentials, GitHub tokens, browser extension data and API keys, Socket said.
