Malicious NPM Packages Targeting Cursor.com Deployed by Snyk Researcher
2025-01-14
A Snyk security researcher deployed several malicious NPM packages targeting Cursor.com, a popular AI coding company. These packages, named things like "cursor-retreival" and "cursor-always-local", collect system data and send it to an attacker-controlled server upon installation. The attack leverages dependency confusion, aiming to trick Cursor employees into installing these public packages. While the OpenSSF package analysis scanner flagged and reported these malicious packages, NPM hasn't yet marked them as such. This highlights limitations in software supply chain security tools and emphasizes the importance of careful NPM package installation.