Socket Vendor Cyber Rating & Cyber Score

socket.dev

Socket is a cybersecurity platform that protects companies from software supply chain attacks. Companies use Socket to protect their software applications and critical services from malware and security threats originating in open source code.


Socket A.I CyberSecurity Scoring

Socket
Company Information
Website: https://socket.dev
Number of employees: 84
Number of followers: 8,706
NAICS: 541514
Industry type: Computer and Network Security
Homepage: socket.dev
Socket Risk Score (AI oriented): between 650 and 699
Socket, Computer and Network Security
Updated: 02/06/2026
Score: 671/1000, grade B (Weak)
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Socket Global Score (TPRM): locked on the public page; the detailed risk factors, vulnerabilities, benchmark vs. industry and size peers, and findings are not shown.

Socket: Weak
Current Score: 671, grade B (WEAK) on a 0 to 1000 scale
6 incidents, -16.75 average impact per incident
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026
Score before incident: 692
Cyber Attack, 02 Jun 2026, Socket
npm, PyPI and Crates.io: 34 Malicious Packages Steal Cloud Keys, Wallets, and SSH Credentials

Large-Scale 'TrapDoor' Supply Chain Attack Targets Developers Across npm, PyPI, and Crates.io

Score after incident: 672 (CRITICAL, -20)
Incident ID: NPMPYPSOC1780388789
Large-Scale "TrapDoor" Supply Chain Attack Targets Developers Across npm, PyPI, and Crates.io

A sophisticated supply chain attack, dubbed "TrapDoor," is actively targeting developers by abusing open-source ecosystems to steal sensitive data. The campaign spans npm, PyPI, and Crates.io, deploying 34 malicious packages across 384 versions to compromise systems in cryptocurrency, DeFi, AI, and cloud environments. Attackers abuse legitimate package installation and build mechanisms, namely npm's postinstall scripts, Python's import-time execution, and Rust's build.rs, so that the malicious code runs automatically during installation or project builds with no user interaction. The malware harvests SSH keys, cloud credentials, API tokens, and cryptocurrency wallets and exfiltrates them through trusted platforms (GitHub Pages, raw.githubusercontent.com, and webhook.site) to evade detection.

### Key Malicious Packages & Tactics

- Python (PyPI): *git-config-sync*
  - Executes malicious code upon import, scanning the `.ssh`, `.aws`, `.docker`, and `.kube` directories for credentials using regex patterns.
  - Disables TLS verification and sends stolen data to attacker-controlled GitHub Pages endpoints.
- npm: *token-usage-tracker*
  - The most advanced variant, running a background process to collect browser credentials, cloud configs, shell histories, and cryptocurrency wallets.
  - Uses Fernet encryption before exfiltrating data via webhooks or GitHub Gist.
  - Gains persistence and propagates by modifying shell configs, injecting Git hooks, and poisoning AI development environments (e.g., `.cursorrules`, `CLAUDE.md`) to influence coding assistants.
- Rust (Crates.io): *sui-framework-helpers*
  - Executes during builds via `build.rs`, targeting blockchain wallet files (Sui, Solana, Aptos).
  - Uses XOR obfuscation and uploads stolen data to public GitHub Gists.

### Attack Infrastructure & Evasion

The campaign leverages whitelisted services (GitHub Pages, webhook.site) to blend malicious traffic with legitimate developer activity. While the npm variant stands out for its persistence, propagation, and remote command execution, all samples follow a consistent pattern:

1. Trigger during install or build.
2. Harvest credentials from the local environment.
3. Exfiltrate via trusted channels.

### Indicators of Compromise (IOCs)

- Domain: `ddjidd564[.]github[.]io`
- URLs:
  - `https[:]//ddjidd564[.]github[.]io/defi-security-best-practices/config.json`
  - `https[:]//webhook[.]site/2ada14c8-00f6-43ce-9ad6-f5dc15952246` (and similar webhook endpoints)

Security researchers warn the attack underscores the growing sophistication of supply chain threats, with developers in high-value sectors as prime targets.
INCIDENT DETAILS
TYPE: Supply Chain Attack
MOTIVATION: Data theft, credential harvesting
IMPACT: SSH keys, cloud credentials, API tokens, cryptocurrency wallets, browser credentials, shell histories. Ecosystems: npm, PyPI, Crates.io. Operational impact: compromise of developer environments and sensitive data exfiltration. Identity theft risk: high.
DATA BREACH: SSH keys, cloud credentials, API tokens, cryptocurrency wallets, browser credentials, shell histories. Sensitivity of data: high. Protection applied by the malware to stolen data in transit: Fernet encryption, XOR obfuscation.
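All three TrapDoor variants share one trigger: code that runs because a package manager executes it at install or build time. The following is an added example, not Socket's code and not anything from the TrapDoor report, showing how a project can audit that attack surface on the npm side: it lists the project's own lifecycle scripts, lists the lockfile entries that npm itself marks with `hasInstallScript` (lockfile v2/v3), and matches lockfile entries against a denylist. The package.json, lockfile and denylist are constructed for the demo; the package name `token-usage-tracker` comes from the write-up, the version `1.0.3` is an assumption.

```javascript
// Added example (not Socket's code): audit an npm project for install-time
// execution, the trigger TrapDoor relies on. Three checks:
//   1. lifecycle scripts in the project's own package.json,
//   2. lockfile entries npm flags with hasInstallScript (lockfile v2/v3),
//   3. lockfile entries matching a denylist of known-bad versions.

const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Constructed denylist: package name -> set of malicious versions.
// The name is from the incident text; the version is an assumption.
const DENYLIST = { "token-usage-tracker": new Set(["1.0.3"]) };

function auditLifecycleScripts(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  return LIFECYCLE_HOOKS
    .filter((hook) => typeof scripts[hook] === "string")
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// Lockfile v2/v3 "packages" keys look like "node_modules/foo" or
// "node_modules/foo/node_modules/@scope/bar"; the package name is whatever
// follows the last "node_modules/" (scoped names keep their "@scope/").
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  return lockPath.slice(lockPath.lastIndexOf(marker) + marker.length);
}

function auditLockfile(lock, denylist) {
  const installScriptPackages = [];
  const denylisted = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    if (lockPath === "") continue; // the root project itself
    const name = packageNameFromPath(lockPath);
    const record = { name, version: entry.version, path: lockPath };
    if (entry.hasInstallScript) installScriptPackages.push(record);
    const bad = denylist[name];
    if (bad && bad.has(entry.version)) denylisted.push(record);
  }
  return { installScriptPackages, denylisted };
}

function runAudit(pkg, lock, denylist = DENYLIST) {
  return {
    lifecycleScripts: auditLifecycleScripts(pkg),
    ...auditLockfile(lock, denylist),
  };
}

// Constructed sample inputs for the demonstration.
const SAMPLE_PACKAGE_JSON = {
  name: "demo-app",
  scripts: { build: "tsc -p .", postinstall: "node scripts/setup.js" },
};
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/token-usage-tracker": { version: "1.0.3", hasInstallScript: true },
    "node_modules/esbuild": { version: "0.21.0", hasInstallScript: true },
  },
};

console.log(JSON.stringify(runAudit(SAMPLE_PACKAGE_JSON, SAMPLE_LOCKFILE), null, 2));
```

The `installScriptPackages` list is the part worth acting on: install with `npm ci --ignore-scripts` so nothing in `node_modules` executes during install, then run `npm rebuild <name>` only for the packages on that list that genuinely need their build step. A denylist catches yesterday's package; the script inventory catches the mechanism.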
MAY 2026
Score before incident: 712
Cyber Attack, 15 May 2026, Socket
node-ipc and AWS: 822K-Download node-ipc Package Compromised in Supply Chain Breach

Sophisticated Supply Chain Attack Targets Popular npm Package node-ipc

Score after incident: 691 (CRITICAL, -21)
Incident ID: AWSSOC1778833973
Sophisticated Supply Chain Attack Targets Popular npm Package *node-ipc*

A widely used npm package, node-ipc, downloaded over 822,000 times weekly, has been weaponized in a supply chain attack, exposing JavaScript developers to credential theft and backdoor access. Security researchers at Socket identified malicious versions (9.1.6, 9.2.3, and 12.0.1) of the package, which were published on May 14, 2026, shortly before detection.

Unlike typical npm attacks, this campaign embedded malware directly into the package's CommonJS entry point (node-ipc.cjs), executing automatically when the library is required. The ESM build was unaffected, so exposure is limited to applications that load the package through `require("node-ipc")`. The obfuscated malware fingerprints the system and harvests sensitive data, including cloud credentials (AWS, Azure, GCP, OCI), SSH keys, Git tokens, Kubernetes and Docker configs, .env files, and CI/CD secrets, before compressing and encrypting it into a `.tar.gz` archive under `/tmp/nt-<pid>/`. Exfiltration occurs via covert DNS TXT queries to attacker-controlled domains (sh.azurestaticprovider[.]net, bt.node[.]js); the archive is split into small chunks carried in the query names, which blends into ordinary resolver traffic and evades monitoring that does not inspect DNS.

Investigators traced the attack to a hijacked npm maintainer account (atiertant): the maintainer's email domain had expired, so whoever re-registered it could receive password-reset mail and take over the account without breaching npm's infrastructure. This tactic underscores a growing risk: dormant maintainer accounts as silent entry points for supply chain attacks. The incident follows node-ipc's prior involvement in a 2022 geo-targeted malware campaign, raising concerns about repeated compromise or deliberate reintroduction. Security teams are advised to monitor DNS logs for unusual TXT query bursts and block the listed domains.

Indicators of Compromise (IOCs):
- Malicious packages: node-ipc@9.1.6, node-ipc@9.2.3, node-ipc@12.0.1
- Exfiltration domains: sh.azurestaticprovider[.]net, bt.node[.]js
- DNS patterns: xh.*, xd.*, xf.* subdomains
- Temp file path: `/tmp/nt-<pid>/<machineHex>.tar.gz`
- Anomalous timestamp: October 26, 1985 (file artifacts)
INCIDENT DETAILS
TYPE: Supply Chain Attack
MOTIVATION: Credential theft, backdoor access, data exfiltration
IMPACT: Data compromised: cloud credentials (AWS, Azure, GCP, OCI), SSH keys, Git tokens, Kubernetes/Docker configs, .env files, CI/CD secrets. Systems affected: JavaScript applications using `require("node-ipc")`. Operational impact: potential unauthorized access to cloud environments and CI/CD pipelines. Brand reputation impact: high (repeated compromise of *node-ipc*). Identity theft risk: high (exfiltration of PII and credentials).
DATA BREACH: Cloud credentials, SSH keys, Git tokens, Kubernetes/Docker configs, .env files, CI/CD secrets. Sensitivity of data: high (credentials, secrets, PII). Data exfiltration: yes (via covert DNS TXT queries). Data encryption: yes (compressed and encrypted into .tar.gz). File types exposed: .env and config files, SSH keys. Personally identifiable information: potential (credentials, tokens).
MAY 2026
Score before incident: 733
Cyber Attack, 05 May 2026, Socket
NuGet and Sicoob: Malicious NuGet Package Poses as Sicoob SDK to Steal Passwords

Sophisticated Supply Chain Attack Targets Brazilian Banking SDK via Malicious NuGet Package

Score after incident: 712 (CRITICAL, -21)
Incident ID: SOCSIC1780057768
Sophisticated Supply Chain Attack Targets Brazilian Banking SDK via Malicious NuGet Package

A supply chain attack impersonating the official C# SDK for Sicoob, one of Brazil's largest cooperative banking networks, was uncovered by researchers at Socket. The malicious NuGet package, Sicoob.Sdk (versions 2.0.0 through 2.0.4), contained hidden credential exfiltration logic designed to steal banking credentials and payment data.

### Key Details of the Attack

- Timeline: The fraudulent package was published on May 5, 2026, and rapidly updated to version 2.0.4 by May 6, 2026, before being blocked following Socket's abuse report.
- Target: Sicoob serves 9 million members across 328 cooperatives and 5,219 service points in Brazil, making it a high-value target for financially motivated threat actors.
- Deception tactics: The package mimicked a legitimate .NET 8 SDK for Sicoob's APIs, complete with a GitHub organization (Sicoob-Cooperativa) and clean-looking source code. The compiled DLL, however, contained malicious logic absent from the public repository, so reviewing the source on GitHub would not have revealed it.
- Exfiltration mechanism: When developers initialized SicoobClient with a client ID, a PFX file path, and the PFX password (the standard workflow for a mutual TLS banking integration), the DLL base64-encoded the PFX file and transmitted it, together with the plaintext password and client ID, to a hardcoded Sentry telemetry endpoint (o4511335034847232.ingest.de.sentry.io). A PFX is a PKCS#12 bundle that contains the private key, so with the password the attacker holds everything needed to present the victim's client certificate to the bank's API.
- Secondary data theft: The attack also captured raw boleto API responses, exposing transaction details, payer and payee information, due dates, and payment status.
- Trigger condition: The exfiltration only activated when isSandbox was set to false, meaning it targeted production environments using live credentials and stayed silent during sandbox testing.

### Attacker Infrastructure & Exposure

- The NuGet publisher account (sicoob) listed 12 Sicoob-branded packages, accumulating 484 total downloads.
- The fraudulent GitHub organization (Sicoob-Cooperativa), created on May 4, 2026, had no verification, public members, or affiliation with the real Sicoob, whose official GitHub links to sicoob.com.br.
- Google's AI search briefly promoted Sicoob.Sdk as the recommended .NET integration path, increasing developer exposure.

### Broader Context

This incident follows a February 2026 discovery of four malicious NuGet packages (NCryptYo, DOMOAuth2_, IRAOAuth2.0, SimpleWriter_), which exfiltrated ASP.NET Identity data and installed persistent C2 backdoors, totaling 4,500+ downloads. These campaigns highlight NuGet's growing appeal to attackers using impersonation, typosquatting, and source-façade techniques to bypass developer trust.

### Indicators of Compromise (IOCs)

- Malicious package: Sicoob.Sdk (versions 2.0.0 through 2.0.4)
- NuGet publisher: sicoob
- Exfiltration host: o4511335034847232.ingest.de.sentry.io
- Fraudulent GitHub org: github.com/Sicoob-Cooperativa
- Fraudulent contributor: github.com/joaobcdev
INCIDENT DETAILS
TYPE: Supply Chain Attack
MOTIVATION: Financial gain
IMPACT: Data compromised: banking credentials, payment data, PFX certificates, plaintext passwords, client IDs, boleto API responses (transaction details, payer/payee information, due dates, payment status). Systems affected: production environments using Sicoob.Sdk (versions 2.0.0 through 2.0.4). Operational impact: potential unauthorized access to banking systems, data exfiltration. Brand reputation impact: high (impersonation of a major banking network). Identity theft risk: high (exposure of personally identifiable banking credentials). Payment information risk: high (exposure of boleto API responses and payment data).
DATA BREACH: Type of data compromised: banking credentials, PFX certificates, plaintext passwords, client IDs, boleto API responses. Sensitivity of data: high (financial and personally identifiable information). Data exfiltration: yes (to a Sentry telemetry endpoint). Data encoding: PFX certificates base64-encoded before exfiltration (base64 is an encoding, not encryption). File types exposed: PFX certificates, API responses (JSON/XML). Personally identifiable information: yes (banking credentials, payer/payee information).
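Both this incident and TrapDoor exfiltrate through endpoints that are legitimate for humans and applications but have no business being contacted by a package install or build: a Sentry ingest host here, GitHub Pages, raw.githubusercontent.com, Gists and webhook.site in the TrapDoor case. The following is an added example, not Socket's or Sicoob's code, that applies that rule to an egress log: it flags build and install processes reaching such endpoints or any host outside a registry allowlist. The log format ("epoch process dest_host dest_port"), the allowlist and the process list are assumptions; the two IOC hosts in the sample lines come from the incident texts.

```javascript
// Added example (not Socket's code): flag build/install tooling that talks to
// abusable third-party endpoints or to hosts outside a registry allowlist.
// Log format and sample lines are constructed: "epoch process dest_host port".

const BUILD_PROCESSES = new Set([
  "node", "npm", "npx", "python", "python3", "pip", "cargo", "rustc", "dotnet", "msbuild",
]);

// Hosts a package install or build is expected to reach (assumed allowlist).
const REGISTRY_HOSTS = new Set([
  "registry.npmjs.org", "pypi.org", "files.pythonhosted.org",
  "static.crates.io", "index.crates.io", "api.nuget.org", "github.com",
]);

// Endpoints that blend into normal traffic but are odd for a build step.
const ABUSABLE = [
  { label: "github-pages", test: (h) => h.endsWith(".github.io") },
  { label: "raw-github", test: (h) => h === "raw.githubusercontent.com" },
  { label: "gist", test: (h) => h === "gist.github.com" },
  { label: "webhook-site", test: (h) => h === "webhook.site" },
  // Sentry DSN ingest hosts look like o<org id>.ingest[.<region>].sentry.io
  { label: "sentry-ingest", test: (h) => /^o\d+\.ingest(?:\.[a-z]{2})?\.sentry\.io$/.test(h) },
];

function parseLine(line) {
  const [ts, proc, host, port] = line.trim().split(/\s+/);
  return { ts: Number(ts), proc, host: host.toLowerCase(), port: Number(port) };
}

function classifyHost(host) {
  if (REGISTRY_HOSTS.has(host)) return "registry";
  const match = ABUSABLE.find((a) => a.test(host));
  return match ? match.label : "unknown";
}

// Only build/install processes are judged; a browser reaching github.io is
// normal, a `node` or `dotnet` process doing so during an install is not.
function findSuspiciousEgress(lines) {
  const findings = [];
  for (const line of lines) {
    const e = parseLine(line);
    if (!BUILD_PROCESSES.has(e.proc)) continue;
    const kind = classifyHost(e.host);
    if (kind === "registry") continue;
    findings.push({ ...e, kind, severity: kind === "unknown" ? "medium" : "high" });
  }
  return findings;
}

// Constructed egress log. The github.io and sentry.io hosts are the IOCs from
// the TrapDoor and Sicoob.Sdk write-ups; 203.0.113.10 is a documentation address.
const SAMPLE_LOG = [
  "1700000000 npm registry.npmjs.org 443",
  "1700000001 node ddjidd564.github.io 443",
  "1700000002 node webhook.site 443",
  "1700000003 dotnet api.nuget.org 443",
  "1700000004 dotnet o4511335034847232.ingest.de.sentry.io 443",
  "1700000005 firefox example.github.io 443",
  "1700000006 cargo static.crates.io 443",
  "1700000007 python3 203.0.113.10 8080",
];

console.log(JSON.stringify(findSuspiciousEgress(SAMPLE_LOG), null, 2));
```

The process-name dimension is what keeps the rule usable: the same destinations are legitimate for a developer's browser, so a destination-only block list would either break developers or be disabled. Note the Sicoob.Sdk trigger condition, which means a CI run against a sandbox would never produce the Sentry connection; the rule has to watch production builds, or a test harness has to exercise the non-sandbox path with throwaway credentials.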
APRIL 2026
Score: 733 (no incident recorded)
MARCH 2026
Score: 732 (no incident recorded)
FEBRUARY 2026
Score before incident: 736
Vulnerability, 13 Feb 2026, Socket
next-mdx-remote: Critical Vulnerability in Next-Mdx-Remote Allows Arbitrary Code Execution in React Server-Side Rendering

Critical RCE Vulnerability in next-mdx-remote Library (CVE-2026-0969)

Score after incident: 731 (CRITICAL, -5)
Incident ID: SOC1770972392
Critical RCE Vulnerability in next-mdx-remote Library (CVE-2026-0969)

A critical security flaw in the next-mdx-remote library, tracked as CVE-2026-0969, allows attackers to execute arbitrary code on servers rendering untrusted MDX content. The vulnerability affects versions 4.3.0 through 5.0.0 and has been patched in 6.0.0. next-mdx-remote, a widely used open-source TypeScript library for Next.js-based React applications, enables dynamic rendering of MDX (Markdown with JSX) from databases, APIs, or user input, commonly used in blogs, documentation, and user-generated content platforms.

### How the Attack Works

The vulnerability stems from insufficient sanitization in the library's `serialize` and `compileMDX` functions, which fail to block JavaScript expressions in untrusted MDX. MDX evaluates anything between curly braces (`{}`) as JavaScript, so an attacker can embed calls such as `eval()`, `Function()`, or `require()` in content that is later compiled. When the MDX is processed during server-side rendering (SSR), the expression runs inside the Node.js server process with that process's privileges, which is remote code execution (RCE). For example, an attacker could submit MDX containing:

```md
{require('child_process').execSync('rm -rf /')}
```

If JavaScript expressions are enabled (the default in vulnerable versions), the server executes the command, potentially allowing data theft, malware installation, or full server compromise.

### Mitigation & Fix

Version 6.0.0 introduces breaking changes to address the issue:

- JavaScript expressions are now blocked by default (`blockJS: true`).
- When they are enabled (`blockJS: false`), a new `blockDangerousJS: true` option (also the default) filters high-risk globals such as `process`, `eval`, and `require`.

Developers handling untrusted MDX on servers should upgrade to 6.0.0 immediately. Additional precautions include auditing code for `compileMDX` or `serialize` calls that receive user-controlled content, and sanitizing the rendered output with a rehype sanitizer such as rehype-sanitize (remark-rehype on its own only converts the Markdown syntax tree to HTML and does not sanitize; and no output sanitizer undoes an expression that already ran at compile time, so this complements the upgrade rather than replacing it).

The vulnerability carries a critical CVSS score (estimated 9.8/10), underscoring the severity of the risk for affected applications.
INCIDENT DETAILS
TYPE: Remote Code Execution (RCE)
IMPACT: Systems affected: servers rendering untrusted MDX content using next-mdx-remote (versions 4.3.0 through 5.0.0). Operational impact: potential full server compromise, data theft, or malware installation.
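The two 6.0.0 options describe a policy: either no expressions at all, or expressions that may not touch a set of dangerous globals. The following is an added example, not next-mdx-remote's code, that implements that policy as a stand-alone pre-filter over the raw MDX text: it pulls `{...}` expressions out of a document (ignoring fenced and inline code, where braces are literal, and backslash-escaped braces) and rejects them per the `blockJS` / `blockDangerousJS` semantics described above. The two sample documents are constructed; the payload line is the one quoted in the advisory. The option names mirror the library's, the function names and the global denylist are this example's own.

```javascript
// Added example (not next-mdx-remote's code): a text-level gate mirroring the
// blockJS / blockDangerousJS policy. Run it on untrusted MDX before compiling.

const DANGEROUS_GLOBALS = ["process", "eval", "require", "Function", "globalThis", "import"];

// Three backticks, assembled so this example contains no literal code fence.
const FENCE = "`".repeat(3);
const FENCED_BLOCK = new RegExp("^" + FENCE + "[^\\n]*\\n[\\s\\S]*?\\n" + FENCE + "[ \\t]*$", "gm");
const INLINE_CODE = /`[^`\n]*`/g;

// Braces inside fenced blocks and inline code are literal text in MDX.
function stripCode(mdx) {
  return mdx.replace(FENCED_BLOCK, "").replace(INLINE_CODE, "");
}

// Returns the text of each top-level {...} expression. A backslash escapes the
// next character, so "\{" is literal, as in MDX.
function findExpressions(mdx) {
  const src = stripCode(mdx);
  const out = [];
  let depth = 0;
  let start = -1;
  for (let i = 0; i < src.length; i++) {
    const c = src[i];
    if (c === "\\") { i++; continue; }
    if (c === "{") {
      if (depth === 0) start = i + 1;
      depth++;
    } else if (c === "}" && depth > 0) {
      depth--;
      if (depth === 0) out.push(src.slice(start, i).trim());
    }
  }
  return out;
}

function checkUntrustedMdx(mdx, { blockJS = true, blockDangerousJS = true } = {}) {
  const expressions = findExpressions(mdx);
  const reasons = [];
  for (const expr of expressions) {
    if (blockJS) {
      reasons.push(`expression rejected by blockJS: {${expr}}`);
      continue;
    }
    if (!blockDangerousJS) continue;
    // Match the identifier as a whole word that is not a property access
    // (so "child_process" or "obj.process" do not count, but "process" does).
    const hit = DANGEROUS_GLOBALS.find((g) => new RegExp("(^|[^\\w$.])" + g + "\\b").test(expr));
    if (hit) reasons.push(`dangerous global "${hit}" in expression: {${expr}}`);
  }
  return { expressions, allowed: reasons.length === 0, reasons };
}

// Constructed samples. PAYLOAD_MDX carries the expression quoted in the advisory.
const PAYLOAD_MDX = "# Post\n\n{require('child_process').execSync('rm -rf /')}\n";
const BENIGN_MDX = [
  "Total: {props.qty * props.price}",
  "",
  FENCE + "js",
  "const cfg = { debug: true };   // braces in fenced code are literal",
  FENCE,
  "",
  "Inline `{ also: 'literal' }` and escaped \\{ braces \\} are fine.",
].join("\n");

console.log(checkUntrustedMdx(PAYLOAD_MDX, { blockJS: false }));
console.log(checkUntrustedMdx(BENIGN_MDX, { blockJS: false }));
```

Treat this as defence in depth, not as the fix. An identifier denylist is only as good as its list and can be sidestepped by indirection (string-building a property name, reaching a global through an object the list does not name), and a brace scanner is not an MDX parser. The reliable control is the one the advisory gives: upgrade to 6.0.0 and leave `blockJS` at its default for anything user-controlled.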
JANUARY 2026
Score: 736 (no incident recorded)
DECEMBER 2025
Score: 736 (no incident recorded)
NOVEMBER 2025
Score: 735 (no incident recorded)
OCTOBER 2025
Score: 734 (no incident recorded)
SEPTEMBER 2025
Score: 734 (no incident recorded)
AUGUST 2025
Score: 733 (no incident recorded)
JULY 2025
Score: 733 (no incident recorded)
AUGUST 2024
Score before incident: 745
Cyber Attack, 12 Aug 2024, Socket
NuGet and Socket.dev: Malicious NuGet Packages Attacking ASP.NET Developers to Steal Login Credentials

Malicious NuGet Packages Target ASP.NET Developers in Supply Chain Attack

Score after incident: 724 (CRITICAL, -21)
Incident ID: SOC1771957766
Malicious NuGet Packages Target ASP.NET Developers in Supply Chain Attack

A supply chain attack targeting ASP.NET developers has been uncovered, involving four malicious NuGet packages designed to steal credentials and deploy persistent backdoors in web applications. The packages (NCryptYo, DOMOAuth2_, IRAOAuth2.0, and SimpleWriter_) were published between August 12 and 21, 2024, by a threat actor using the username "hamzazaheer" and have amassed over 4,500 downloads collectively.

The attack begins with typosquatting: NCryptYo impersonates the legitimate NCrypto cryptography library. Its DLL filename (NCrypt.dll) mimics Windows' native CNG cryptography provider, and its namespace mirrors Microsoft's APIs. Upon loading, the package executes a static constructor that silently launches a hidden proxy on localhost port 7152, relaying traffic to an attacker-controlled server.

Researchers at Socket.dev identified the campaign by tracing shared infrastructure across all four packages. DOMOAuth2_, IRAOAuth2.0, and SimpleWriter_ contained a byte-identical hardcoded authentication token, encoded with GZip compression and custom Base64 substitutions, confirming a single operator. VirusTotal analysis revealed that only 1 of 72 security vendors detected the malicious NCrypt.dll, underscoring the effectiveness of its obfuscation.

Once active, DOMOAuth2_ and IRAOAuth2.0 harvest ASP.NET Identity data (user accounts, roles, and permissions) and transmit it to the attacker via the local proxy. SimpleWriter_, disguised as a PDF conversion tool, writes attacker-controlled files to disk and executes hidden processes, extending the compromise beyond the developer's workstation to production applications.

The attack leverages JIT compiler hijacking, where NCryptYo replaces the .NET runtime's just-in-time compilation process with its own hook, so malicious code is decrypted only at execution and evades static analysis. The DLL is protected by .NET Reactor obfuscation, featuring a 14-day expiry timer and anti-debugging measures. Embedded within are five encrypted resources, including a 126 KB payload that establishes the proxy tunnel. The campaign highlights the risks of obfuscated .NET malware and the challenges of detecting supply chain threats in development environments.
INCIDENT DETAILS
TYPE: Supply Chain Attack
IMPACT: Data compromised: ASP.NET Identity data (user accounts, roles, permissions), attacker-controlled files written to disk. Systems affected: developer workstations, production ASP.NET applications. Operational impact: persistent backdoors, unauthorized data exfiltration, hidden process execution. Identity theft risk: high (PII exposure).
DATA BREACH: Type of data compromised: ASP.NET Identity data (user accounts, roles, permissions). Sensitivity of data: high (personally identifiable information). Data exfiltration: yes (via local proxy to an attacker-controlled server). Data encryption: yes (malicious payload decrypted at runtime). Personally identifiable information: yes.
MARCH 2022
Score before incident: 750
Cyber Attack, 01 Mar 2022, Socket
node-ipc: Popular node-ipc npm package compromised to steal credentials

Malicious npm Supply Chain Attack Targets node-ipc with Credential-Stealing Malware

Score after incident: 733 (CRITICAL, -17)
Incident ID: SOC1778869612
Malicious npm Supply Chain Attack Targets *node-ipc* with Credential-Stealing Malware

A new supply chain attack has compromised the widely used node-ipc npm package, injecting credential-stealing malware into three recent versions: 9.1.6, 9.2.3, and 12.0.1. The node-ipc module, which facilitates inter-process communication in Node.js applications, records over 690,000 weekly downloads despite a prior 2022 incident in which its maintainer weaponized versions to overwrite data on Russian and Belarusian systems in protest of the Ukraine invasion.

Security firms Socket, Ox Security, and Upwind identified the malicious code embedded in the package's CommonJS entrypoint (node-ipc.cjs), which executes automatically when the application loads the module. The heavily obfuscated malware fingerprints infected systems, harvests sensitive data, and exfiltrates it via DNS TXT queries, a technique designed to evade detection by blending into normal network traffic. The stolen data includes:

- Cloud credentials (AWS, Azure, GCP, OCI, DigitalOcean)
- SSH keys and configs
- Kubernetes, Docker, Helm, and Terraform credentials
- npm, GitHub, GitLab, and Git CLI tokens
- .env files and database credentials
- Shell histories and CI/CD secrets
- macOS Keychain and Linux keyring files
- Firefox profile data (macOS)
- Microsoft Teams local storage

To minimize detection, the malware avoids scanning .git and node_modules directories, skips files larger than 4 MiB, and deletes temporary archives after exfiltration. Data is transmitted to a fake Azure-themed domain (sh[.]azurestaticprovider[.]net:443) and relayed to bt[.]node[.]js using query prefixes like xh, xd, and xf. Researchers estimate that exfiltrating a 500 KB archive could generate 29,400 DNS TXT requests, a volume anomaly that a resolver log review should catch.

The attack appears to stem from the compromise of an inactive maintainer's account (atiertant), with no evidence of persistence or secondary payloads, suggesting a focus on rapid credential theft. The malware does not overwrite files, unlike the 2022 protest-driven versions, indicating a shift in attacker motives. Developers are advised to remove affected versions, rotate exposed credentials, and audit lockfiles and npm caches.
INCIDENT DETAILS
TYPE: Supply Chain Attack
MOTIVATION: Credential theft
IMPACT: Data compromised: cloud credentials, SSH keys, Kubernetes/Docker/Helm/Terraform credentials, npm/GitHub/GitLab/Git CLI tokens, .env files, database credentials, shell histories, CI/CD secrets, macOS Keychain/Linux keyring files, Firefox profile data, Microsoft Teams local storage. Systems affected: Node.js applications using node-ipc versions 9.1.6, 9.2.3, or 12.0.1. Operational impact: potential unauthorized access to cloud environments, CI/CD pipelines, and source code repositories. Brand reputation impact: negative impact on trust in open-source npm packages. Identity theft risk: high (exposure of PII and credentials).
DATA BREACH: Cloud credentials, SSH keys, Kubernetes/Docker/Helm/Terraform credentials, npm/GitHub/GitLab/Git CLI tokens, .env files, database credentials, shell histories, CI/CD secrets, macOS Keychain/Linux keyring files, Firefox profile data, Microsoft Teams local storage. Sensitivity of data: high (credentials, PII, secrets). Data exfiltration: yes (via DNS TXT queries to sh[.]azurestaticprovider[.]net:443). Personally identifiable information: potential (Firefox profile data, macOS Keychain).
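Both node-ipc entries on this page (the May 2026 write-up and this one) describe the same exfiltration channel and the same advice: watch resolver logs for TXT query bursts, the xh/xd/xf chunk prefixes, and the two IOC domains. The following is an added example, not Socket's code, that turns that advice into a triage rule over a DNS query log: it groups TXT queries per client and registrable domain, counts the peak within a sliding window, checks the first label against the chunk prefixes, and checks whether any subdomain label looks like encoded data. The log format ("epoch client qtype qname"), the window and threshold, and the sample lines are constructed; the domains are the page's IOCs and the chunk payloads are made up.

```javascript
// Added example (not Socket's code): detect the DNS TXT exfiltration pattern
// from the node-ipc write-ups. Sample log lines are constructed in the form
// "epoch client qtype qname"; the IOC domains come from the incident text.

const IOC_DOMAINS = ["azurestaticprovider.net", "node.js"];
const CHUNK_PREFIXES = new Set(["xh", "xd", "xf"]);

function parseLine(line) {
  const [ts, client, qtype, qname] = line.trim().split(/\s+/);
  return {
    ts: Number(ts),
    client,
    qtype: qtype.toUpperCase(),
    qname: qname.replace(/\.$/, "").toLowerCase(),
  };
}

// A long lowercase alphanumeric label that contains digits looks like encoded
// data rather than a hostname (a crude test, but enough for a triage rule).
function looksEncoded(label) {
  return label.length >= 20 && /^[a-z0-9]+$/.test(label) && /\d/.test(label);
}

// Largest number of timestamps inside any windowSec-wide window.
function maxInWindow(timestamps, windowSec) {
  const ts = [...timestamps].sort((a, b) => a - b);
  let best = 0;
  let lo = 0;
  for (let hi = 0; hi < ts.length; hi++) {
    while (ts[hi] - ts[lo] > windowSec) lo++;
    best = Math.max(best, hi - lo + 1);
  }
  return best;
}

function analyzeDnsLog(lines, { windowSec = 60, burstThreshold = 50 } = {}) {
  const groups = new Map(); // "client|domain" -> stats
  for (const line of lines) {
    const q = parseLine(line);
    if (q.qtype !== "TXT") continue;
    const labels = q.qname.split(".");
    const domain = labels.slice(-2).join("."); // registrable-domain approximation
    const key = `${q.client}|${domain}`;
    const g = groups.get(key) || {
      client: q.client, domain, timestamps: [], txtQueries: 0,
      chunkPrefixQueries: 0, encodedLabelQueries: 0, iocMatch: IOC_DOMAINS.includes(domain),
    };
    g.txtQueries++;
    g.timestamps.push(q.ts);
    if (CHUNK_PREFIXES.has(labels[0])) g.chunkPrefixQueries++;
    if (labels.slice(0, -2).some(looksEncoded)) g.encodedLabelQueries++;
    groups.set(key, g);
  }
  return [...groups.values()].map((g) => {
    const maxBurst = maxInWindow(g.timestamps, windowSec);
    const { timestamps, ...rest } = g;
    return {
      ...rest,
      maxBurst,
      suspicious: g.iocMatch || maxBurst >= burstThreshold ||
        (g.chunkPrefixQueries > 0 && g.encodedLabelQueries > 0),
    };
  });
}

// Constructed resolver log: a few benign queries plus a 60-query TXT burst from
// one host toward the node-ipc IOC domain, spread over ten seconds.
function buildSampleLog() {
  const lines = [
    "1700000000 10.0.0.5 A registry.npmjs.org.",
    "1700000001 10.0.0.5 TXT _dmarc.example.com.",
    "1700000002 10.0.0.7 TXT example.com.",
  ];
  for (let i = 0; i < 60; i++) {
    const chunk = ("0000" + i.toString(16)).slice(-4) + "c0ffee".repeat(5);
    lines.push(`${1700000010 + Math.floor(i / 6)} 10.0.0.5 TXT xh.${chunk}.sh.azurestaticprovider.net.`);
  }
  return lines;
}

console.log(JSON.stringify(analyzeDnsLog(buildSampleLog()).filter((g) => g.suspicious), null, 2));
```

The IOC match is the weakest of the three signals, since the next campaign will use different domains; the burst count and the chunk-prefix-plus-encoded-label combination survive a domain change. The page's own estimate of 29,400 TXT queries for a 500 KB archive shows why a per-client burst threshold in the tens is a reasonable starting point for a workstation or build agent.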

Frequently Asked Questions

- What is the current A.I Rankiteo Cyber Score for Socket?
- What was Socket's A.I Rankiteo Cyber Score in May 2026?
- What was Socket's A.I Rankiteo Cyber Score in April 2026?
- What was Socket's A.I Rankiteo Cyber Score in March 2026?
- What was Socket's A.I Rankiteo Cyber Score in February 2026?
- What was Socket's A.I Rankiteo Cyber Score in January 2026?
- What was Socket's A.I Rankiteo Cyber Score in December 2025?
- What was Socket's A.I Rankiteo Cyber Score in November 2025?
- What was Socket's A.I Rankiteo Cyber Score in October 2025?
- What was Socket's A.I Rankiteo Cyber Score in September 2025?
- What was Socket's A.I Rankiteo Cyber Score in August 2025?
- What was Socket's A.I Rankiteo Cyber Score in July 2025?
- What is the average per-incident point impact on Socket's A.I Rankiteo Cyber Score over the past 12 months?
- Where can I access detailed records of all cyber incidents associated with Socket?
- Where can I find a summary of the A.I Rankiteo Risk Scoring methodology?
- Where can I view Socket's profile page on Rankiteo?
- How accurate is the A.I Rankiteo Risk Scoring methodology?