Researchers have discovered a cybersecurity attack against the macOS version of the Cursor AI code editor, compromising over three thousand users. The attack involves malicious npm packages stealing credentials and modifying files to gain persistent backdoor access. Socket cybersecurity researchers identified three specific malicious packages targeting macOS Cursor IDE users: sw‑cur, sw‑cur1, and aiide-cur.
These packages are designed to steal user credentials and download encrypted payloads that establish a backdoor, leading to persistent unauthorized access. When executed, the malicious scripts harvest user credentials, retrieve encrypted secondary payloads from threat actor-controlled infrastructure, decrypt and decompress them, and replace critical Cursor-specific code with attacker-controlled logic. Additionally, the sw‑cur package disables Cursor’s auto-update mechanism, giving threat actors continuous remote-controlled execution capabilities within the user’s IDE.
Users who have downloaded these malicious packages face significant risks. For individuals, the compromised IDE poses direct threats such as credential theft, code exfiltration, and potential delivery of additional malware. By obtaining Cursor credentials, threat actors can access paid services and any codebase the victim opens within the IDE.
Compromised Cursor IDE poses threats
Because the injected code runs with the user’s privileges, further malicious scripts can execute undetected. In enterprise environments or open source projects, these risks are magnified.
A trojanized IDE on a developer’s machine can leak proprietary source code, introduce malicious dependencies into builds, or serve as a foothold for further movement within continuous integration/continuous deployment (CI/CD) pipelines. The disabled auto-update mechanism allows the malicious code to stay active for extended periods. Organizations suspecting compromise should take steps to restore Cursor from a verified installer, rotate all affected credentials, and audit source control and build artifacts for signs of unauthorized changes.
Socket’s tools can detect and block such threats before they infiltrate production environments by analyzing package behavior in real time. This attack highlights the increasing challenge organizations face from software supply chain threats. It underscores the growing trend of attackers leveraging malicious patches to compromise trusted local software.
These findings align with other research documenting npm-based attacks, reinforcing a clear and expanding pattern of stealthy, patch-based compromises delivered through widely used package managers like npm. macOS Cursor users should immediately verify their installations for compromise and take necessary actions to mitigate any threats.
Noah Nguyen is a multi-talented developer who brings a unique perspective to his craft. Initially a creative writing professor, he turned to Dev work for the ability to work remotely. He now lives in Seattle, spending time hiking and drinking craft beer with his fiancee.
