Threat Research

Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS

SocketDev
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
EXTRACT IOC
Three malicious npm packages target macOS Cursor AI IDE by stealing credentials, injecting backdoors, and disabling updates to maintain persistence, exploiting developer trust in their tools and posing risks of code theft and supply chain attacks. (Affected: macOS developers, Cursor AI IDE, software supply chain)

Keypoints :

  • Three malicious npm packages (sw-cur, sw-cur1, aiide-cur) target macOS Cursor AI code editor.
  • Packages disguise as cheap Cursor API tools to lure developers seeking discounted AI services.
  • They harvest user credentials and send them to attacker-controlled servers.
  • Download an encrypted secondary payload, decrypt it, and overwrite Cursor’s main.js to backdoor the IDE.
  • sw-cur disables Cursor’s auto-update and kills related processes to ensure persistence.
  • The malware uses npm aliases gtr2018 and aiide, and remains live on the npm registry.
  • The attack leverages supply chain compromise to embed persistent remote access within trusted developer environments.
  • Compromised IDE risks include credential theft, code exfiltration, and potential malicious code injection.
  • Organizations should restore Cursor from verified sources, rotate credentials, and audit code repositories.
  • Socket’s security tools detect and block such threats by monitoring suspicious package behavior in real time.

MITRE Techniques :

  • Supply Chain Compromise (T1195.002) – Trojanizing software supply chain packages to backdoor developer tools.
  • Command & Scripting Interpreter: JavaScript (T1059.007) – Executing malicious JavaScript code within the IDE.
  • Stage Capabilities: Upload Malware (T1608.001) – Downloading and decrypting additional payloads post-installation.
  • User Execution: Malicious File (T1204.002) – Executing malicious scripts upon package installation prompting user action.
  • Obfuscated Files or Information: Encrypted/Encoded File (T1027.013) – Using AES-encrypted and gzip-compressed JavaScript loader.
  • Hijack Execution Flow (T1574) – Overwriting main.js to inject attacker-controlled logic.
  • Application Layer Protocol: Web Protocols (T1071.001) – Exfiltrating credentials via HTTP GET requests to C2 servers.
  • Exfiltration Over C2 Channel (T1041) – Sending stolen credentials and receiving payloads through controlled domains.

Indicator of Compromise :

  • Includes malicious npm package names: sw-cur, sw-cur1, aiide-cur.
  • Indicators related to threat actor aliases: npm aliases gtr2018, aiide.
  • Includes email addresses used by threat actors: 404228858@qq[.]com, touzi_xiansheng@outlook[.]com.
  • C2 server domains used for exfiltration and payload delivery: cursor[.]sw2031[.]com, t[.]sw2031[.]com, aiide[.]xyz.
  • Hardcoded AES key used for decrypting second-stage payload: a8f2e9c4b7d6m3k5n1p0q9r8s7t6u5v4.
  • File paths targeted for modification: /Applications/Cursor.app/Contents/Resources/app/extensions/cursor-always-local/dist/main.js.
  • Examples of exfiltration endpoints: HTTP GET requests to cursor[.]sw2031[.]com/api/login.

Read more: https://socket.dev/blog/malicious-npm-packages-hijack-cursor-editor-on-macos

Views: 38

Tags: EXFILTRATION, PASSWORD, IMPACT, PERSISTENCE, LATERAL MOVEMENT, PAYLOAD, BROWSER, CREDENTIAL