A coordinated malware campaign known as TrapDoor has infiltrated major open source software ecosystems, deploying more than 34 malicious packages designed to steal cryptocurrency wallet credentials, cloud access tokens, and SSH keys from developers.