## AI Code Editor Cursor Targeted by Malicious npm Packages on macOS Cybersecurity researchers have sounded the alarm on three malicious npm packages specifically designed to compromise the macOS version of Cursor, a popular AI-powered code-editing tool. These packages, downloaded over 3,200 times, aimed to steal user credentials and deploy further malicious payloads, as reported by The Hacker News. ### The Malicious Trio The identified npm packages and their respective download counts at the time of discovery are: * **`sw-cur`**: 2,771 downloads * **`sw-cur1`**: 307 downloads * **`aiide-cur`**: 163 downloads According to the report, all three packages remained available for download from the npm registry at the time the issue was flagged. The package `aiide-cur` was first published on February 14, 2025, by a user named "aiide." It was deceptively described as a "command-line tool for configuring the macOS version of the Cursor editor." The other two packages, `sw-cur` and `sw-cur1`, were reportedly published a day earlier, on February 13, 2025, by an individual or group using the alias "gtr2018." ### Modus Operandi: Credential Theft and Backdoor Deployment Once installed, these malicious libraries were engineered to execute a two-pronged attack: 1. **Harvest Credentials:** The primary goal was to exfiltrate user-supplied credentials for the Cursor application. 2. **Fetch Next-Stage Payload:** The packages would then contact remote servers (identified as `t.sw2031[.]com` or `api.aiide[.]xyz`) to download a subsequent payload. This payload was used to replace legitimate Cursor-specific code with malicious logic, effectively creating a backdoor into the user's system and potentially enabling further unauthorized actions. ### Impact and Scope The combined download count of over 3,200 indicates a significant number of Cursor users on macOS may have been exposed to this threat. This incident highlights the ongoing risks associated with software supply chains, particularly within open-source repositories like npm, where malicious actors can publish packages disguised as legitimate tools. Cursor is an AI-assisted code editor that has gained popularity among developers for its features that integrate artificial intelligence to aid in writing and understanding code. The targeting of its macOS user base underscores the increasing attention attackers are paying to developer tools and environments. ### Broader Implications for Developers This discovery serves as a critical reminder for developers to exercise caution when incorporating third-party packages into their projects or development environments. Key considerations include: * **Verifying Package Authenticity:** Scrutinize package names, publishers, and descriptions. Look for signs of typosquatting or unusually new or sparsely downloaded packages. * **Reviewing Permissions and Code:** If possible, review the permissions requested by packages and inspect their code for suspicious behavior before installation. * **Using Security Tools:** Employ security scanners and tools designed to detect malicious packages and vulnerabilities in dependencies. * **Principle of Least Privilege:** Ensure that development tools and their components run with the minimum necessary privileges. The compromise of developer tools like Cursor can have far-reaching consequences, potentially leading to the theft of sensitive code, credentials, and access to broader systems. Vigilance and adherence to security best practices are paramount in mitigating such software supply chain attacks.
