Three malicious NPM packages posing as developer tools for the popular Cursor AI code editor were caught deploying a backdoor on macOS systems, vulnerability detection firm Socket reports.
Cursor is a proprietary integrated development environment (IDE) that integrates AI features directly within the coding environment. It offers tiered access to LLMs, with premium language models priced per request.
The packages, named sw‑cur, sw‑cur1, and aiide-cur, claim to provide cheap access to Cursor, exploiting the developers’ interest in avoiding paying the fees.
All three packages were published by a threat actor using the NPM usernames gtr2018 and aiide, and have amassed over 3,200 downloads to date.
“As of this writing, these packages remain live on the NPM registry. We have formally petitioned for their removal,” Socket warns.
Upon execution, a malicious script contained by these packages harvests user credentials, fetches a payload from a remote server and decrypts and decompresses it.
It also replaces Cursor code with malicious code supplied by the attacker, and restarts the application to obtain persistent remote execution capabilities within the IDE.
Additionally, the vulnerability detection firm noticed that sw‑cur would disable Cursor’s auto-update mechanism, likely to prevent removal.
“The attack specifically targets macOS installations of this application by modifying internal files such as main.js under the /Applications/Cursor.app/… path. The malware uses the editor’s trusted runtime to execute threat actor-controlled code and maintain persistence,” Socket notes.
All three packages use the same credential exfiltration, payload retrieval, decryption, and file-patching routines, albeit they use different hardcoded domains.
The attack, Socket warns, could lead not only to credential and code theft, or additional malware infections, but also to unauthorized access to paid services and any codebase opened within the IDE.
“In enterprise environments or open source projects, the risks multiply. A trojanized IDE on a developer’s machine can leak proprietary source code, introduce malicious dependencies into builds, or serve as a foothold for lateral movement within CI/CD pipelines,” Socket notes.
Cursor users who downloaded any of these packages are advised to restore Cursor from a trusted source, rotate credentials, and audit their code for potential unauthorized changes.
Related: Hundreds Download Malicious NPM Package Capable of Delivering Rootkit
Related: Dozens of Malicious NPM Packages Steal User, System Data
Related: Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs
Related: Malicious NPM, PyPI Packages Stealing User Information