Ethical Hacking News
A growing supply chain threat has emerged with malicious npm packages targeting popular software applications such as Cursor, a leading AI-powered source code editor. These packages have been designed to steal user credentials and grant arbitrary code execution within the platform.
Three malicious npm packages targeting Apple macOS versions of Cursor AI-powered source code editor have been flagged by researchers.The packages, sw-cur, sw-cur1, and aiide-cur, are designed to steal user credentials, fetch encrypted payloads, and disable auto-updates.The packages were published on February 14, 2025, with over 3,200 downloads to date.Researchers warn that installing these packages can result in arbitrary code execution within the context of the platform.A supply chain threat is highlighted, where threat actors use malicious patches to compromise trusted local software.Another similar report has been made about a compromised npm package called "rand-user-agent" with versions 2.0.83, 2.0.84, and 1.0.110 being found malicious.
In recent times, a growing concern has emerged within the realm of cybersecurity - malicious npm packages. These packages, designed to infiltrate and compromise various software applications, pose a significant threat to users worldwide. Our investigation reveals that three such packages have been flagged by researchers, targeting the Apple macOS version of Cursor, a popular AI-powered source code editor.
According to reports from Socket researcher Kirill Boychenko, these malicious npm packages - sw-cur (2,771 downloads), sw-cur1 (307 downloads), and aiide-cur (163 downloads) - are designed to steal user credentials, fetch an encrypted payload from threat actor-controlled infrastructure, overwrite Cursor's main.js file, and disable auto-updates to maintain persistence. The fact that these packages continue to be available for download from the npm registry highlights the vulnerability of users who may inadvertently install them.
The compromised packages were first published on February 14, 2025, by a user named "aiide" for the aiide-cur library, which claims to be a command-line tool for configuring the macOS version of Cursor. Meanwhile, the other two packages - sw-cur and sw-cur1 - were published a day earlier by a threat actor under the alias "gtr2018". The researchers warn that these packages have been downloaded over 3,200 times to date.
Researchers from Socket further explained that once installed, the libraries are designed to harvest user-supplied Cursor credentials and fetch a next-stage payload from a remote server ("t.sw2031[.]com" or "api.aiide[.]xyz"), which is then used to replace a legitimate Cursor-specific code with malicious logic. Moreover, the npm packages also take the step of disabling Cursor's auto-update mechanism and terminating all Cursor processes. The patched code then proceeds to restart the application so that the malicious code takes effect, allowing the threat actor to execute arbitrary code within the context of the platform.
This campaign highlights a growing supply chain threat, with threat actors increasingly using malicious patches to compromise trusted local software. The selling point here is that the attackers are attempting to exploit developers' interest in AI as well as those who are looking for cheaper usage fees for access to AI models. "The threat actor's use of the tagline 'the cheapest Cursor API' likely targets this group, luring users with the promise of discounted access while quietly deploying a backdoor," Boychenko said.
The discovery also follows another report from Aikido about a supply chain attack that has compromised a legitimate npm package called "rand-user-agent" to inject code that conceals a remote access trojan (RAT). Versions 2.0.83, 2.0.84, and 1.0.110 have been found to be malicious.
The newly released versions are designed to establish communications with an external server to receive commands that allow it to change the current working directory, upload files, and execute shell commands. The compromise was detected on May 5, 2025. At the time of writing, the npm package has been marked deprecated and the associated GitHub repository is also no longer accessible, redirecting users to a 404 page.
Users who have upgraded to 2.0.83, 2.0.84, or 1.0.110 are advised to downgrade it back to the last safe version released seven months ago (2.0.82). However, doing so does not remove the malware from the system.
Related Information:
https://www.ethicalhackingnews.com/articles/A-Glimpse-into-the-Shadowy-World-of-Malicious-npm-Packages-A-Growing-Supply-Chain-Threat-ehn.shtml
https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html
https://www.securityweek.com/malicious-npm-packages-target-cursor-ais-macos-users/
https://socket.dev/blog/malicious-npm-packages-hijack-cursor-editor-on-macos
Published: Fri May 9 09:24:55 2025 by llama3.2 3B Q4_K_M
