Malicious npm Packages Target macOS Version of Cursor, Infecting Over 3,200 Users

Cybersecurity researchers have identified three malicious npm packages targeting the macOS version of Cursor, a popular AI-based source code editor. These packages, disguised as development tools offering "the cheapest Cursor API," steal user credentials, retrieve an encrypted payload from an attacker-controlled infrastructure, and replace Cursor. Over 3,200 Cursor users have been infected by this backdoor, resulting in the theft of their credentials.