BitcoinEthereumNews·
The post Cryptocurrency and AI Developers Face New Cybersecurity Threat appeared on BitcoinEthereumNews.com. A new malware campaign dubbed TrapDoor has been identified by cybersecurity firm Socket, posing a significant threat to developers in the fields of cryptocurrency and artificial intelligence. This extensive operation involves the distribution of malicious packages across popular developer platforms, targeting software developers by infiltrating 34 distinct packages and 384 versions on leading platforms such […] Continue Reading:Cryptocurrency and AI Developers Face New Cybersecurity Threat Source: https://en.bitcoinhaber.net/cryptocurrency-and-ai-developers-face-new-cybersecurity-threat
Read full articleThe attackers behind TrapDoor went after more than wallets and passwords — they embedded hidden instructions inside packages designed to manipulate AI coding assistants. Related Reading: Bitcoin Pizza Day: A $41 Experiment Now Worth Billions According to security firm Socket, the goal was to trick tools like Claude and Cursor into running what appeared to […]
Investigators at Soclet have discovered a new supply attack targeting crypto developers using npm, PyPI, and Crates.io packages. The campaign, dubbed Trapdoor, focuses on stealing crypto wallet keys and other secrets from developers in the crypto space. Supply Chain Attack Scheme Trapdoor Targets Developers For Maximum Performance While some malware campaigns target everyday crypto users, […]
Hackers secretly targeted crypto and AI developers using TrapDoor malware, stealing wallets, credentials, SSH keys, and sensitive company network access data. A sneaky cyberattack is targeting software developers. Specifically, it is dedicated to individuals who are involved in cryptocurrency and AI. The attack was discovered on Friday by a company called Socket. They then published […] The post Hackers Secretly Target Crypto Developers With Dangerous TrapDoor Malware appeared first on Live Bitcoin News.
The malware spread through npm, PyPI, and Rust packages in coordinated waves. It steals crypto wallets, SSH keys, and cloud developer credentials. AI coding tools were also targeted through malicious config files. A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers. Security researchers identified dozens of […] The post TrapDoor attack targets crypto wallets, AWS keys and GitHub tokens appeared first on CoinJournal.
Socket says a campaign of malicious packages is aiming to steal crypto and is injecting hidden instructions that hijack popular AI coding assistants.
Mini Shai-Hulud npm campaign compromises @antv packages, targeting blockchain developers’ GitHub tokens, AWS keys, and CI/CD secrets in a coordinated supply chain attack. The malicious publishes started just before 2 a.m. UTC on May 19. By the time most developers on the East Coast had their first coffee, the damage was already done. Socket’s Threat […] The post npm Supply Chain Attack Hits @antv: Blockchain Dev Secrets Now Exposed appeared first on Live Bitcoin News.
Apple has a design for AI life. It hopes to build on the outstanding hardware performance its systems already provide to create a fantastic environment in which AI developers can thrive. If this plan sounds familiar it’s because it’s all about the App Store, and while it’s easy to expect Apple’s revenue share to change, the plan still makes the company the custodian of the AI age. The way it should work is if app developers see that one way to bring their AI services to billions of iPhones, iPad, and Mac users is to make AI agents available via Apple’s own portals. These will likely be via App Intents, enabling Siri to execute actions inside their apps without actively opening them. The Information reports some developers are resistant to joining the initiative, in part because they want to avoid paying any fees. All the same, consider the moment, consider the meaning, and I think the significance is that Apple has at last got its act together with AI. Ecosystem, services, store Apple
The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has uploaded 73 more impersonated links, as its attempt to infect software supply chains continues. Philipp Burckhardt, head of threat intelligence at Socket, which revealed the latest activity, called it a “significant escalation” in the gang’s activity, after it added 72 malicious extensions last month. The extensions impersonate trusted developer tools. More recently, the listed extensions contain benign code so they will evade malware scanners. Later, after connecting automatically to newly-created GitHub or other public accounts, they download GlassWorm to developers’ computers as an update. This latest wave includes some extensions that rely on bundled native binaries. “The extension itself acts as a thin loader,” Socket explained in its report. “By shifting critical logic outside of what tools typically scan, and spreading it across multiple delivery mechanisms,
