


Over 3,200 Cursor Users Infected by Malicious Credential-Stealing npm Packages (thehackernews.com)
Cybersecurity researchers have flagged three malicious npm packages that target the macOS version of AI-powered code-editing tool Cursor, reports The Hacker News:
"Disguised as developer tools offering 'the cheapest Cursor API,' these packages steal user credentials, fetch an encrypted payload from threat actor-controlled infrastructure, overwrite Cursor's main.js file, and disable auto-updates to maintain persistence," Socket researcher Kirill Boychenko said. All three packages continue to be available for download from the npm registry. "Aiide-cur" was first published on February 14, 2025...
In total, the three packages have been downloaded over 3,200 times to date.... The findings point to an emerging trend where threat actors are using rogue npm packages as a way to introduce malicious modifications to other legitimate libraries or software already installed on developer systems... "By operating inside a legitimate parent process — an IDE or shared library — the malicious logic inherits the application's trust, maintains persistence even after the offending package is removed, and automatically gains whatever privileges that software holds, from API tokens and signing keys to outbound network access," Socket told The Hacker News.
"This campaign highlights a growing supply chain threat, with threat actors increasingly using malicious patches to compromise trusted local software," Boychenko said.
The npm packages "restart the application so that the patched code takes effect," letting the threat actor "execute arbitrary code within the context of the platform."
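The summary notes that the overwritten main.js persists after the offending package is removed, so uninstalling the package does not confirm a clean editor. As an added example (not from the article or Socket's report), this Node.js script baselines the file hashes of an application directory and reports any drift; the `out/main.js` layout and the temp directory standing in for the app bundle are constructed assumptions.

```javascript
const crypto = require('node:crypto');
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Hash every regular file under root -> { relativePath: sha256 hex }.
function snapshot(root) {
  const out = Object.create(null); // no prototype, so `in` checks are exact
  const walk = (dir) => {
    for (const ent of fs.readdirSync(dir, { withFileTypes: true })) {
      const full = path.join(dir, ent.name);
      if (ent.isDirectory()) walk(full);
      else if (ent.isFile()) {
        const hash = crypto.createHash('sha256').update(fs.readFileSync(full));
        out[path.relative(root, full)] = hash.digest('hex');
      }
    }
  };
  walk(root);
  return out;
}

// Compare a trusted baseline snapshot with the current one.
function diffSnapshots(baseline, current) {
  const report = { modified: [], added: [], removed: [] };
  for (const [file, hash] of Object.entries(baseline)) {
    if (!(file in current)) report.removed.push(file);
    else if (current[file] !== hash) report.modified.push(file);
  }
  for (const file of Object.keys(current)) {
    if (!(file in baseline)) report.added.push(file);
  }
  return report;
}

// Constructed demo: a temp directory plays the app bundle (hypothetical layout).
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'app-bundle-'));
  fs.mkdirSync(path.join(root, 'out'));
  fs.writeFileSync(path.join(root, 'out', 'main.js'), 'console.log("editor");\n');
  fs.writeFileSync(path.join(root, 'package.json'), '{"name":"demo-editor"}\n');
  const baseline = snapshot(root); // taken right after a trusted install
  fs.writeFileSync(path.join(root, 'out', 'main.js'), 'console.log("patched");\n');
  fs.writeFileSync(path.join(root, 'out', 'extra.js'), '// dropped file\n');
  const report = diffSnapshots(baseline, snapshot(root));
  fs.rmSync(root, { recursive: true, force: true });
  return report;
}

console.log(demo());
```

The baseline is only as trustworthy as the install it was taken from, so capture it from a freshly downloaded copy and store it outside the directory being checked.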
AI Code Editor (Score:2)
Re: (Score:1)
Re: (Score:3)
To not being replaced by someone who does twice your workload with the same effort for the same pay, by using different tools you refuse to learn how to use?
Re: (Score:3)
If AI makes me twice as productive, I should be able to go home half-way through my normal work day. But no, I just get handed twice the workload, with no adjustment in pay. What advantage is AI providing me, in any way, whatsoever? Please be *specific*.
Productivity gains are not meant to help the individual. They are meant to help the owner class and the management that work directly for the owner class. If you were somehow given the mistaken impression that productivity gains are supposed to improve your life directly, you were either lied to, or made an assumption that does not in any way relate to the reality you are living in. "Do more work for the same pay," is the intended result. Congratulations on fulfilling your purpose.
Re: (Score:1)
If AI makes me twice as productive, I should be able to go home half-way through my normal work day. But no, I just get handed twice the workload, with no adjustment in pay. What advantage is AI providing me, in any way, whatsoever? Please be *specific*.
Back in the day your great grandfather used the same reasoning and refused to use a power drill instead of a screwdriver.
Re: (Score:2)
ok but it just highlights the supply chain risks common to all of us. For now they target idiots ready to download "the cheapest API". But nothing prevents, in theory, that someone packages malicious code into a vi/vim/gvim package for a given distro. We can discuss risk factors, e.g. big vs small distro, yearly vs rolling release.
Re: AI Code Editor (Score:2)
Re: AI Code Editor (Score:2)
AI Code Inspector (Score:2)
I didn't mean use; nobody has time to *review* the code.
No problem, we can use an AI Code Inspector. ;-)
Re: (Score:2)
Please do not summon Armageddon again. World had enough crap software before LLM, IMHO.
It's almost like... (Score:2)
Re: (Score:2)
I suspect the general problem is letting third parties publish packages in official distribution without any review.
Compare with Debian, where each package has a maintainer who's independent of that package's developer.
Much slower, yes, but when you don't need the bleeding edge, that stability is worth a lot.
Containers/VMs (Score:2)
Why isn't that npm shit running in a container or VM? It sounds like the editor itself is implemented with npm packages. If that's the case, seems pretty stupid to run an editor like that to me. Maybe ask the AI to create a more secure setup for you.
Re: (Score:3)
npm has bad press because their repo is huge, very dynamic and not very well curated, and because a big portion of its users have little care or little clue. other than that it's exactly the same as any other dependency manager. npm, nuget, cargo, swift, pip, go mod, maven ... all of them load dependencies into your development environment in some way. how rigorously their repositories are curated makes a difference, but that only goes so far. indeed, ideally you would need a fresh container and a thorough
Re:Containers/VMs (Score:4, Funny)
Also I'm pretty sure it's illegal to make anything good with javascript.
Re: (Score:2)
fair point, but those deep trees are usually hipster material, it's not all of npm. yes, ecosystem has consequences here, but the fundamental problem is the same as with all package managers. other than that, i do not include deps lightly so there is always plenty of time to check, pick and choose and version freeze is your friend. if you have security support they will enforce that anyway.
Maybe our jobs aren't gone just yet (Score:4, Interesting)
Like any new technology on the bleeding edge, the promises are stratospheric, but the risks are also high. Reality always has a way of showing up, the claims are never as dramatic as the proponents say they are. And the cataclysm from feared job losses is also never as dire.
And I say that as a daily user of GitHub Copilot. It isn't as "advanced" as Cursor, in the sense that it's still just focusing on spot code changes, not trying to be your entire development system. In the context of stories like this, I see this as a good thing. It gives me the power of AI to speed up the pace of work, but also doesn't expose me to the same level of risk, since I still have to supervise closely.
Re: (Score:2)
Re: (Score:2)
The way I've been putting it is AI is going to end up filling the exact same role Access databases did 15-20 years ago. A way to create a "good enough solution" for some small function in a business to get started that then rapidly approaches unsustainable as the technical debt starts to pile up and the fundamental limits of the technology start to show themselves. Then suddenly you need to start doing a "Business transition" that takes millions of dollars of developer time to clean up.