Thought Leadership
Security researchers have identified three malicious NPM packages posing as developer tools for the AI-supported code editor Cursor. The malware specifically targets macOS users and installs a backdoor in the system.
Cursor is a proprietary code editor with integrated AI functions and offers developers access to various language models – although the premium versions are only available for a fee. This is precisely where the attackers come in: The fake packages called “sw-cur”, “sw-cur1” and “aiide-cur” promise low-cost access to the editor’s paid functions.
According to security firm Socket, the packages were released by an attacker under the NPM usernames “gtr2018” and “aiide” and have over 3,200 downloads to date. “At the time of publication, these packages are still available in the NPM registry. We have formally requested their removal,” warns Socket.
Extensive attack functions
The malware has a considerable arsenal of functions:
- Theft of user access data
- Retrieval of a malicious load from a remote server with subsequent decryption and unpacking
- Replacement of the legitimate cursor code with malicious code
- Restarting the application to obtain persistent remote access functions within the IDE
- Deactivation of the auto-update mechanism of Cursor (in the case of sw-cur), presumably to prevent removal
“The attack specifically targets macOS installations of this application by modifying internal files such as main.js under the path ‘/Applications/Cursor.app/…’. The malware uses the trusted runtime environment of the editor to execute code controlled by the attacker and ensure persistence,” explains Socket.
Significant risks for individuals and companies
The consequences of a successful attack can be serious:
- Theft of access data and source code
- Infection with additional malware
- Unauthorized access to chargeable services
- Manipulation of any source code opened in the IDE
“In corporate environments or open source projects, the risks multiply. A manipulated IDE on a developer’s computer can expose proprietary source code, inject harmful dependencies into builds or serve as a starting point for lateral movement within CI/CD pipelines,” warns Socket.
