Researchers at security research company Socket Security have announced the detection of malicious software packages targeting cryptocurrency development environments and wallets, including the Aptos (APT), Sui (SUI), and Solana (SOL) ecosystems.
Accordingly, researchers identified a malware campaign called “TrapDoor” targeting crypto developer environments through more than 34 malicious packages designed to steal SSH keys and wallet credentials.
Socket researchers said the malware was designed to steal SSH keys, wallet key stores, AWS credentials, GitHub tokens, and browser login databases from developer machines.
The researchers added that the malicious package names were designed to resemble development tools in cryptocurrency, DeFi, AI, and security workflows, targeting environments where cloud credentials, SSH keys, and wallet data might be stored on developer machines.
Socket’s Chief Technology Officer, Ahmad Nassri, stated that the malware targeted the Brave web browser as well as popular cryptocurrency wallets such as Coinbase, Binance, Solana, Sui, Aptos, and MetaMask.
*This is not investment advice.
