
Cybersecurity researchers have flagged three malicious NPM packages designed to target the Apple macOS version of Cursor, a source code editor powered by artificial intelligence (AI).
Disguised as developer tools that offer the “cheapest Cursor API,” these packages steal user credentials, fetch an encrypted payload from infrastructure controlled by the threat actor, overwrite Cursor’s main file with it, disable the editor’s automatic updates, and maintain persistence.
The packages in question are listed below –
All three packages can still be downloaded from the NPM registry. “aiide-cur” was first published on February 14, 2025, by a user named “aiide.” The NPM listing describes it as a “command line tool for configuring the macOS version of the Cursor editor.”

According to the software supply chain security company Socket, the other two packages were published one day earlier by a threat actor using the alias “gtr2018.” In total, the three packages have been downloaded over 3,200 times so far.
Once installed, the library harvests user-supplied Cursor credentials and retrieves a next-stage payload from a remote server (“t.sw2031[.]com” or “api.aiide[.]xyz”), which is then used to replace legitimate Cursor-specific code with malicious logic.
“sw-cur” first disables Cursor’s automatic update mechanism and terminates all Cursor processes. The NPM package then restarts the application so that the patched code takes effect, allowing the threat actors to execute arbitrary code within the context of the platform.
“This campaign highlights the growing supply chain threat, with threat actors using malicious patches to compromise trusted local software,” Boychenko said.
The selling point here is that the attackers are exploiting developers’ interest in AI and targeting those looking for cheaper fees to access AI models.
“The threat actor’s use of the catchphrase ‘the cheapest Cursor API’ may be targeting this group, luring users with the promise of discounted access while quietly deploying the backdoor,” the researchers added.
The disclosure comes as Socket also discovered two other NPM packages, “pumptoolforvolumeandcomment” and “debugdogs,” that deliver an obfuscated payload which siphons off trading data related to cryptocurrency platforms from macOS systems. The captured data is exfiltrated to Telegram bots.
“pumptoolforvolumeandcomment” has been downloaded 625 times, while “debugdogs,” published to NPM in September 2024 by a user named “olumideyo,” has been downloaded a total of 119 times.
“debugdogs simply calls pumptoolforvolumeandcomment, which makes it a convenient payload for secondary infections,” said security researcher Kush Pandya. “This ‘wrapper’ pattern doubles the main attack, making it easier to spread the core malicious code under multiple names without changing it.”

“This highly targeted attack could empty your wallet and reveal sensitive credentials and transaction data in seconds.”
“rand-user-agent” NPM package compromised in supply chain attack
The discovery follows a report from Aikido on a supply chain attack that compromised the legitimate NPM package “rand-user-agent” and injected code that conceals a remote access trojan (RAT). Versions 2.0.83, 2.0.84, and 1.0.110 are known to be malicious.
According to security researcher Charlie Eriksen, the newly released versions are designed to establish communication with an external server, change the current working directory, upload files, and receive commands that allow shell commands to be executed. The compromise was detected on May 5, 2025.
At the time of writing, the NPM package has been removed, and the associated GitHub repository is no longer accessible, redirecting users to a 404 page.
It is currently unclear how the NPM package was compromised to make the unauthorized changes. Users who upgraded to 2.0.83, 2.0.84, or 1.0.110 are advised to downgrade to the last safe version (2.0.82), released seven months ago. Doing so, however, will not remove the malware from an already infected system.
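As an added defender-side example (not code from the article, Socket, or Aikido), the following Python script scans a parsed package-lock.json for the packages and versions named above. It assumes lockfile versions 1 and 2/3, normalises package names to lowercase as NPM requires, omits the third Cursor package because this page does not name it, and uses a constructed sample lockfile.

```python
import json

# Indicators taken from the article; names lowercased as NPM requires.
# "*" marks a package that is malicious in every version (a trojan package).
MALICIOUS = {
    "aiide-cur": {"*"},
    "sw-cur": {"*"},
    "pumptoolforvolumeandcomment": {"*"},
    "debugdogs": {"*"},
    "rand-user-agent": {"2.0.83", "2.0.84", "1.0.110"},
}

def is_malicious(name, version):
    bad = MALICIOUS.get(name.lower())
    return bad is not None and ("*" in bad or version in bad)

def _walk_v1(deps, path, hits):
    # lockfileVersion 1 nests transitive deps under each entry's "dependencies"
    for name, meta in (deps or {}).items():
        here = path + [name]
        ver = meta.get("version", "")
        if is_malicious(name, ver):
            hits.append(("/".join(here), ver))
        _walk_v1(meta.get("dependencies"), here, hits)

def scan_lockfile(lock):
    """Return [(install_path, version)] for every indicator hit in a parsed lockfile."""
    hits = []
    if "packages" in lock:  # lockfileVersion 2/3: flat map keyed by install path
        for key, meta in lock["packages"].items():
            name = key.rsplit("node_modules/", 1)[-1]  # "" for the root project
            ver = meta.get("version", "")
            if is_malicious(name, ver):
                hits.append((key, ver))
    else:
        _walk_v1(lock.get("dependencies"), [], hits)
    return hits

# Constructed sample lockfile (not real project data)
SAMPLE_LOCK = json.loads("""{
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo", "version": "1.0.0"},
    "node_modules/rand-user-agent": {"version": "2.0.84"},
    "node_modules/express": {"version": "4.19.2"},
    "node_modules/foo/node_modules/rand-user-agent": {"version": "2.0.82"},
    "node_modules/sw-cur": {"version": "1.0.0"}
  }
}""")
```

A hit only shows that the dependency is present in the tree; as the article notes, the Cursor packages patch the editor itself, so removing or downgrading the package does not by itself clean the machine.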