TrapDoor Supply Chain Attack: AI Assistants Become a New Attack Surface

According to ME News, on May 25th (UTC+8), a coordinated supply chain attack called "TrapDoor" simultaneously attacked npm, PyPI, and Crates.io, involving 34 malicious packages aimed at stealing wallets, SSH keys, and cloud credentials from cryptocurrency, AI, and security developers. The attack employed a novel method: submitting pull requests to popular open-source projects, injecting manipulated `CLAUDE.md` and `.cursorrules` configuration files. When developers clone repositories and use AI assistants like Claude Code or Cursor, the AI can execute these files as trusted instructions, potentially running malicious commands without the developer's knowledge. This marks the first time an AI assistant has been used as an attack surface. (Source: ME)