TrapDoor campaign distributes credential-stealing malware across npm, PyPI, and Crates.io; over 34 malware-infected packages in 384 versions identified, targeting developers in crypto, DeFi, Solana, and AI sectors; malware steals secrets, wallets, SSH keys, and cloud credentials.