Backdoored by ‘Cheap’ AI: How Fake npm Packages Compromised Cursor IDE

A new supply chain attack has emerged—this time targeting macOS users of the Cursor AI code editor through rogue npm packages. In this episode, we break down how threat actors published malicious modules—sw-cur, sw-cur1, and aiide-cur—promising cheap access to Cursor's AI features. Once installed, these packages function as backdoors, stealing credentials, modifying critical application files like main.js, disabling updates, and granting persistent remote access.We’ll discuss how the attackers used social engineering tactics around “cost savings” to compromise trust, the technical breakdown of the malware’s behavior, and what this means for developers and enterprises relying on modern IDEs. With over 3,200 downloads before detection, this campaign represents a significant escalation in supply chain threats.Join us as we explore:The mechanics of the backdoor and how persistence was achievedThe risks of lateral movement in enterprise CI/CD environmentsWhat this attack says about the future of developer-focused malwareReal-world remediation steps and how to protect your development environmentsWhether you're a developer, CISO, or security researcher, this episode will give you a sharp look into a growing and deeply concerning attack vector.

There are no comments yet.

Please log in to write the first comment.