Cybersecurity researchers have flagged three malicious npm packages which are designed to focus on the Apple macOS model of Cursor, a preferred synthetic intelligence (AI)-powered supply code editor.
“Disguised as developer instruments providing ‘the most cost effective Cursor API,’ these packages steal consumer credentials, fetch an encrypted payload from menace actor-controlled infrastructure, overwrite Cursor’s predominant.js file, and disable auto-updates to take care of persistence,” Socket researcher Kirill Boychenko said.
The packages in query are listed under –
All three packages proceed to be out there for obtain from the npm registry. “Aiide-cur” was first revealed on February 14, 2025. It was uploaded by a consumer named “aiide.” The npm library is described as a “command-line software for configuring the macOS model of the Cursor editor.”
The opposite two packages, per the software program provide chain safety agency, have been revealed a day earlier by a menace actor below the alias “gtr2018.” In whole, the three packages have been downloaded over 3,200 instances thus far.
The libraries, as soon as put in, are designed to reap user-supplied Cursor credentials and fetch a next-stage payload from a distant server (“t.sw2031[.]com” or “api.aiide[.]xyz”), which is then used to interchange a legit Cursor-specific code with malicious logic.
“Sw-cur” additionally takes the step of disabling Cursor’s auto-update mechanism and terminating all Cursor processes. The npm packages then proceed to restart the applying in order that the patched code takes impact, granting the menace actor to execute arbitrary code throughout the context of the platform.
“This marketing campaign highlights a rising provide chain menace, with menace actors more and more utilizing malicious patches to compromise trusted native software program,” Boychenko stated.
The promoting level right here is that the attackers try to take advantage of builders’ curiosity in AI in addition to those that are on the lookout for cheaper utilization charges for entry to AI fashions.
“The menace actor’s use of the tagline ‘the most cost effective Cursor API’ seemingly targets this group, luring customers with the promise of discounted entry whereas quietly deploying a backdoor,” the researcher added.
The disclosure comes as Socket uncovered two different npm packages – pumptoolforvolumeandcomment and debugdogs – to ship an obfuscated payload that siphons cryptocurrency keys, pockets recordsdata, and buying and selling knowledge associated to a cryptocurrency platform named BullX on and macOS methods. The captured knowledge is exfiltrated to a Telegram bot.
Whereas “pumptoolforvolumeandcomment” has been downloaded 625 instances, “debugdogs” have obtained a complete of 119 downloads since they have been each revealed to npm in September 2024 by a consumer named “olumideyo.”
“Debugdogs merely invokes pumptoolforvolumeandcomment, making it a handy secondary an infection payload,” safety researcher Kush Pandya said. “This ‘wrapper’ sample doubles down on the principle assault, making it simpler to unfold below a number of names with out altering the core malicious code.”
“This extremely focused assault can empty wallets and expose delicate credentials and buying and selling knowledge in seconds.”
Npm Bundle “rand-user-agent” Compromised in Provide Chain Assault
The invention additionally follows a report from Aikido a couple of provide chain assault that has compromised a legit npm package deal referred to as “rand-user-agent” to inject code that conceals a distant entry trojan (RAT). Variations 2.0.83, 2.0.84, and 1.0.110 have been discovered to be malicious.
The newly launched variations, per safety researcher Charlie Eriksen, are designed to ascertain communications with an exterior server to obtain instructions that enable it to vary the present working listing, add recordsdata, and execute shell instructions. The compromise was detected on Might 5, 2025.
On the time of writing, the npm package deal has been marked deprecated and the related GitHub repository can be now not accessible, redirecting customers to a 404 web page.
It is at the moment not clear how the npm package deal was breached to make the unauthorized modifications. Customers who’ve upgraded to 2.0.83, 2.0.84, or 1.0.110 are suggested to downgrade it again to the final secure model launched seven months in the past (2.0.82). Nevertheless, doing so doesn’t take away the malware from the system.
Source link