Malicious npm Packages Target Cursor, Crypto Wallets, Stealing Data

Malicious npm packages sw-cur, sw-cur1, aiide-cur, and pumptoolforvolumeandcomment stole data from over 3,200 Cursor users and targeted cryptocurrency wallets, executing arbitrary code and persisting even after removal, highlighting the importance of supply chain security.

• Malicious npm packages sw-cur, sw-cur1, and aiide-cur targeted over 3,200 Cursor users, stealing credentials and installing a backdoor
• The packages replaced legitimate Cursor code to allow arbitrary code execution, persisting even after removal
• Another npm package, pumptoolforvolumeandcomment, targeted cryptocurrency wallets and trading data related to BullX platform