Warning issued for 'TrapDoor' attack on Solana, Sui, Aptos wallets

A new supply chain attack campaign dubbed "TrapDoor" has been discovered targeting developers of Solana, Sui, and Aptos to steal wallet information and cloud credentials, CoinDesk reported. In a report today, security firm Socket revealed that it has identified more than 34 malicious packages across major open-source registries, including npm, PyPI, and Crates.io. The packages evaded suspicion by masquerading as ordinary utilities, such as security scanners or AI development tools. Notably, the attack employs a sophisticated technique that involves inserting hidden instructions into the configuration files of AI coding tools, such as `.cursorrules` or `CLAUDE.md`. These instructions then prompt the AI to run fake security checks during subsequent coding sessions, inducing the exfiltration of private keys, SSH access credentials, and GitHub tokens stored on the device.