Cybersecurity researchers have identified three malicious npm packages targeting the macOS version of the AI code editor Cursor, which have been downloaded over 3,200 times. Disguised as developer tools, these packages steal user credentials, overwrite the main.js file, and disable auto-updates, allowing threat actors to maintain persistence and execute arbitrary code. This highlights a growing supply chain threat where malicious npm packages compromise trusted software, raising concerns about security in developer environments.
