Follow on X RSS Feed

supply-chain-attack

A collection of 1 post
TrapDoor Targets 34 Packages Across npm, PyPI and Crates.io to Steal Crypto Keys and Poison AI Assistants
supply-chain-attack

TrapDoor Targets 34 Packages Across npm, PyPI and Crates.io to Steal Crypto Keys and Poison AI Assistants

GroupAttribution unconfirmed. Publisher accounts: npm (asdxzxc), PyPI (asdmini67, dae5411). Campaign marker P-2024-001.TypeCross-ecosystem supply chain credential stealer with AI assistant poisoning componentCVEsNone assigned. CWE-506 (Embedded Malicious Code) applies across all 34 packages.Malwaretrap-core.js — 1,149-line npm credential harvester (48,485 bytes); Crates.io build.rs stealer using XOR key
12 min read