
Researchers at Socket have uncovered a new attack targeting the macOS version of the popular source code editor Cursor. Threat actors are distributing trojanized libraries via npm, luring developers with the promise of “the cheapest Cursor API,” while in reality embedding backdoors and tampering with editor files.
The malicious packages, sw-cur, sw-cur1, and aiide-cur, are disguised as development tools. At the time of the report all three were still publicly available in the npm registry and had been downloaded more than 3,200 times in total. The earliest appeared on February 13, 2025, published by the npm user gtr2018; aiide-cur followed on February 14, published by the user aiide. The package descriptions claim the libraries are CLI tools for configuring Cursor on macOS.
Once installed, the malware harvests the user's Cursor credentials and contacts the attackers' servers, t.sw2031[.]com and api.aiide[.]xyz, to fetch encrypted payloads. It then overwrites the main.js file inside Cursor's application directory, disables the editor's auto-update mechanism (so a legitimate update cannot replace the patched file), forcibly terminates Cursor's processes, and restarts the editor with the malicious logic embedded.
Because Cursor itself loads the patched main.js on every launch, this code substitution gives the attacker arbitrary command execution in the trusted application's context and persists even after the npm package is uninstalled. Full cleanup requires a complete reinstallation of Cursor, since the original application files remain compromised.
This tactic marks a new and insidious threat to software supply chains: instead of injecting malicious code directly into the library, attackers impersonate benign utilities and insert harmful modifications into already trusted software on the victim’s machine. As a result, the malicious code inherits the same level of privileges as the parent application—gaining access to API keys, authentication tokens, private keys, and network resources.
According to Kirill Boychenko of Socket, the campaign specifically targets developers interested in artificial intelligence, exploiting their eagerness to obtain low-cost access to AI models. The slogan “The Cheapest Cursor API” was used as bait, offering perceived value while covertly installing a backdoor.
Socket researchers also uncovered two additional macOS-targeted malicious libraries aimed at users of the cryptocurrency platform BullX. The packages—pumptoolforvolumeandcomment and debugdogs—harvest wallet keys, password files, and trading data, transmitting them via a Telegram bot. The first package was downloaded 625 times, the second 119. Notably, debugdogs simply acts as a wrapper for the first, streamlining distribution under multiple names without altering the malicious core.
This attack has the potential to cause complete financial loss within seconds and compromise critically sensitive data. Such incidents once again underscore the urgent need for robust dependency integrity checks, detection of postinstall scripts, monitoring of changes outside node_modules, and the deployment of real-time analysis tools.