TrapDoor malware campaign puts developer workstations in CISO spotlight

Summary

A new malware campaign dubbed TrapDoor has targeted developer workstations by distributing malicious packages across npm, PyPI, and crates.io. The packages are built to steal developer credentials, including AWS credentials, GitHub tokens, and SSH keys, and they do so by abusing both ordinary development workflows and the files used by AI coding assistants.

IFF Assessment

FOE

This campaign is a significant threat because it targets developer workstations, which hold the credentials that gate source code, cloud infrastructure, and AI coding tools. A single compromised workstation can therefore reach well beyond the machine itself.

Defender Context

Defenders should treat every open-source package install as untrusted code execution on the developer's machine. The TrapDoor campaign's abuse of AI coding assistant files alongside ordinary development workflows shows how quickly these tactics are evolving, so the response has to be layered: review and pin dependencies before they are installed, and run endpoint detection that flags unexpected processes reading credential stores such as ~/.aws/credentials, ~/.ssh private keys, and GitHub token files. Assume that any credentials present on a workstation that installed a malicious package have been exposed, and rotate them.
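The following detection logic is an added example, not code from the original story or from any vendor named in it. It applies the endpoint-detection idea above to the credential stores the summary names (AWS credentials, SSH keys, GitHub tokens): each file-read telemetry event is checked for a secret path, an unexpected reader process, and whether the read happened underneath a package-manager install. The event schema, the process allowlist, the installer command list, and the sample events are all constructed assumptions; the page does not describe the exact mechanics TrapDoor uses, so this is a generic check rather than a signature for that campaign.

```python
import fnmatch
import json
import shlex
from typing import Iterable, Optional

# Home-relative globs for developer secret stores. The first three cover the
# credential types named in the summary; the rest are sibling locations a
# practitioner would normally watch alongside them (assumed list).
SECRET_PATH_GLOBS = [
    ".aws/credentials",
    ".ssh/id_*",
    ".config/gh/hosts.yml",
    ".aws/config",
    ".git-credentials",
    ".npmrc",
    ".pypirc",
    ".cargo/credentials.toml",
]

# Binaries expected to read those files (assumed allowlist; tune per fleet).
EXPECTED_READERS = {"aws", "ssh", "ssh-add", "ssh-agent", "scp", "sftp", "git", "gh", "terraform"}

# (argv[0], argv[1]) pairs that mark a package-manager install or build in the
# process ancestry. A secret read beneath one of these is the high-severity case.
INSTALLER_CMDS = {
    ("npm", "install"), ("npm", "i"), ("npm", "ci"), ("yarn", "install"),
    ("pnpm", "install"), ("pip", "install"), ("pip3", "install"),
    ("cargo", "build"), ("cargo", "install"),
}


def home_relative(path: str, user: str) -> Optional[str]:
    """Strip the user's home prefix (Linux or macOS layout); None if not under home."""
    for home in (f"/home/{user}/", f"/Users/{user}/"):
        if path.startswith(home):
            return path[len(home):]
    return None


def is_secret_path(path: str, user: str) -> bool:
    rel = home_relative(path, user)
    return rel is not None and any(fnmatch.fnmatch(rel, g) for g in SECRET_PATH_GLOBS)


def installer_ancestor(ancestors: Iterable[str]) -> Optional[str]:
    """Return the first ancestor command line that is a package install/build, else None."""
    for cmd in ancestors:
        argv = shlex.split(cmd)
        if len(argv) >= 2 and (argv[0], argv[1]) in INSTALLER_CMDS:
            return cmd
    return None


def classify(event: dict) -> Optional[dict]:
    """One hypothetical EDR file-read event -> alert dict, or None if benign."""
    if not is_secret_path(event["path"], event["user"]):
        return None
    if event["proc"] in EXPECTED_READERS:
        return None
    via = installer_ancestor(event.get("ancestors", []))
    return {
        "severity": "high" if via else "medium",
        "path": event["path"],
        "proc": event["proc"],
        "cmdline": event["cmdline"],
        "installer": via,
    }


def scan_events(lines: Iterable[str]) -> list:
    """Run classify() over JSON-lines telemetry and return the alerts in order."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        alert = classify(json.loads(line))
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample telemetry (not real data). Fields: ts, user, path, proc,
# cmdline, and the ancestor process command lines nearest-first.
SAMPLE_EVENTS = """\
{"ts": "2024-01-01T10:00:01Z", "user": "dev", "path": "/home/dev/.aws/credentials", "proc": "node", "cmdline": "node scripts/postinstall.js", "ancestors": ["npm install", "bash"]}
{"ts": "2024-01-01T10:00:02Z", "user": "dev", "path": "/home/dev/.git-credentials", "proc": "git", "cmdline": "git push origin main", "ancestors": ["bash"]}
{"ts": "2024-01-01T10:00:03Z", "user": "dev", "path": "/home/dev/.ssh/id_ed25519", "proc": "python3", "cmdline": "python3 setup.py install", "ancestors": ["pip install -r requirements.txt", "bash"]}
{"ts": "2024-01-01T10:00:04Z", "user": "dev", "path": "/home/dev/.aws/credentials", "proc": "python3", "cmdline": "python3 deploy.py", "ancestors": ["bash"]}
{"ts": "2024-01-01T10:00:05Z", "user": "dev", "path": "/home/dev/project/src/main.rs", "proc": "rustc", "cmdline": "rustc src/main.rs", "ancestors": ["cargo build", "bash"]}
"""

if __name__ == "__main__":
    for a in scan_events(SAMPLE_EVENTS.splitlines()):
        print(f"[{a['severity']}] {a['proc']} ({a['cmdline']}) read {a['path']}"
              + (f" under '{a['installer']}'" if a["installer"] else ""))
```

Of the five constructed events, the git push and the rustc compile produce no alert; the postinstall script under `npm install` and the setup.py step under `pip install` are rated high, and the developer's own deploy script reading AWS credentials is rated medium because no installer is in its ancestry. The medium tier exists so that legitimate tooling (boto3 scripts, IDE plugins) can be triaged rather than suppressed, and the allowlist keeps the rule from firing on every `git push` that touches a credential helper.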
