ONE Sentinel

Security/THREATS/CRIT

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and Crates.io

Source: The Hacker News
May 25, 2026
1 min read

EXECUTIVE SUMMARY

TrapDoor Attack Targets npm, PyPI, and Crates.io with Credential-Stealing Malware

Summary

The TrapDoor supply chain campaign targets three major open-source package ecosystems, npm, PyPI, and Crates.io, to distribute credential-stealing malware. Over 34 malicious packages have been attributed to the campaign, spanning more than 384 published versions.

Key Points

  • The attack is named TrapDoor and affects npm, PyPI, and Crates.io.
  • Over 34 malicious packages have been identified, with more than 384 versions involved.
  • The earliest recorded activity of the attack was on May 22, 2026, at 8:20 p.m. UTC.
  • The attack involves publishing new packages in waves from a cluster of sources.

Analysis

The TrapDoor attack represents a significant threat to software supply chains, particularly affecting open-source ecosystems that are widely used by developers. By targeting npm, PyPI, and Crates.io, the attackers are leveraging popular package repositories to spread malware, potentially compromising a large number of systems and user credentials.

Conclusion

IT and engineering teams should immediately review dependencies pulled from npm, PyPI, and Crates.io, paying particular attention to packages and versions first published on or after May 22, 2026, 8:20 p.m. UTC, the earliest recorded activity of the campaign. Pinning dependency versions, matching lockfiles against published indicators, and conducting regular audits of the software supply chain are the practical measures that reduce exposure to campaigns of this kind.
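The following script is an added example, not code from the article or from any vendor that reported the campaign. It shows one concrete way to carry out the dependency review above offline: it parses pinned versions from an npm package-lock.json, a Python requirements.txt, and a Cargo.lock, then flags any entry that (a) matches an operator-supplied deny list of known-bad (ecosystem, name, version) tuples, (b) was published on or after the campaign's earliest recorded activity, or (c) has no publish metadata at all and therefore needs manual verification. Every package name other than the well-known `requests` and `serde`, every timestamp, and the deny-list entry are constructed for the demonstration; the publish-time map stands in for data you would fetch from the registries (for example `npm view <pkg> time --json`, the PyPI JSON API at `https://pypi.org/pypi/<pkg>/json`, or `https://crates.io/api/v1/crates/<name>/versions`), which this offline script does not call.

```python
"""Offline lockfile audit against a supply-chain campaign window.

Added example for this summary; not code from the source article.
Lockfile contents, package names prefixed 'hypo-', timestamps and the
deny-list entry below are constructed sample data.
"""
import json
import re
from datetime import datetime, timezone

# Earliest recorded TrapDoor activity per the article: 2026-05-22 20:20 UTC.
CAMPAIGN_START = datetime(2026, 5, 22, 20, 20, tzinfo=timezone.utc)


def parse_package_lock(text):
    """Return (ecosystem, name, version) tuples from a lockfileVersion 2/3 'packages' map."""
    deps = []
    for path, meta in json.loads(text).get("packages", {}).items():
        if not path:  # the empty key is the root project itself, not a dependency
            continue
        # Nested entries look like node_modules/a/node_modules/@scope/b; keep the last name.
        name = path.rsplit("node_modules/", 1)[-1]
        deps.append(("npm", name, meta["version"]))
    return deps


def parse_requirements(text):
    """Return exact 'name==version' pins from requirements.txt; ranges and comments are skipped."""
    deps = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"^([A-Za-z0-9_.\-]+)\s*==\s*([A-Za-z0-9_.+!\-]+)$", line)
        if m:
            deps.append(("pypi", m.group(1).lower(), m.group(2)))
    return deps


def parse_cargo_lock(text):
    """Return [[package]] name/version pairs from Cargo.lock (TOML, parsed with a regex)."""
    deps = []
    for block in text.split("[[package]]")[1:]:
        name = re.search(r'^name\s*=\s*"([^"]+)"', block, re.M)
        version = re.search(r'^version\s*=\s*"([^"]+)"', block, re.M)
        if name and version:
            deps.append(("crates", name.group(1), version.group(1)))
    return deps


def audit(deps, publish_times, deny_list, since=CAMPAIGN_START):
    """Return findings as (ecosystem, name, version, reason) tuples.

    publish_times maps (ecosystem, name, version) -> aware datetime of publication.
    deny_list is a set of (ecosystem, name, version) tuples taken from published IoCs.
    """
    findings = []
    for dep in deps:
        if dep in deny_list:
            findings.append((*dep, "matches deny list"))
            continue
        published = publish_times.get(dep)
        if published is None:
            findings.append((*dep, "no publish metadata; verify manually"))
        elif published >= since:
            findings.append((*dep, "published %s, after campaign start" % published.isoformat()))
    return findings


# ---- constructed sample inputs (hypothetical packages and timestamps) ----
SAMPLE_PACKAGE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "0.1.0"},
        "node_modules/hypo-widget": {"version": "2.3.1"},
        "node_modules/hypo-widget/node_modules/hypo-tiny-util": {"version": "0.0.9"},
    },
})
SAMPLE_REQUIREMENTS = "requests==2.32.3\n# pinned below\nhypo-http-helper==0.1.2\nflask>=3\n"
SAMPLE_CARGO_LOCK = '''version = 3

[[package]]
name = "serde"
version = "1.0.200"

[[package]]
name = "hypo-cfg"
version = "0.2.0"
'''
SAMPLE_PUBLISH_TIMES = {
    ("npm", "hypo-widget", "2.3.1"): datetime(2025, 11, 3, tzinfo=timezone.utc),
    ("npm", "hypo-tiny-util", "0.0.9"): datetime(2026, 5, 23, 1, 5, tzinfo=timezone.utc),
    ("pypi", "requests", "2.32.3"): datetime(2024, 5, 29, tzinfo=timezone.utc),
    ("pypi", "hypo-http-helper", "0.1.2"): CAMPAIGN_START,  # boundary case: flagged
    ("crates", "serde", "1.0.200"): datetime(2024, 5, 6, tzinfo=timezone.utc),
    # "hypo-cfg" has no entry on purpose: it must be flagged for manual review.
}
SAMPLE_DENY_LIST = {("npm", "hypo-widget", "2.3.1")}  # placeholder IoC, not a real indicator


def run_sample():
    """Audit the three constructed lockfiles and return the combined findings."""
    deps = (parse_package_lock(SAMPLE_PACKAGE_LOCK)
            + parse_requirements(SAMPLE_REQUIREMENTS)
            + parse_cargo_lock(SAMPLE_CARGO_LOCK))
    return audit(deps, SAMPLE_PUBLISH_TIMES, SAMPLE_DENY_LIST)


if __name__ == "__main__":
    for eco, name, version, reason in run_sample():
        print("%-7s %-18s %-8s %s" % (eco, name, version, reason))
```

The boundary check uses `>=` deliberately: a version published at exactly the first recorded activity time is inside the window. Treating missing metadata as a finding rather than silently passing it is the other choice worth keeping when adapting this to real registry data, since a package that cannot be looked up is exactly the kind of entry that deserves a human look.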