Beware the “Discounted AI” Trap: Malicious NPM Packages Target MacOS Developers

Three malicious npm packages targeting macOS Cursor users are making waves in the cybersecurity world. These sneaky impostors, disguised as the “cheapest Cursor API,” steal credentials, disable updates, and unleash a payload of chaos. It’s a cautionary tale: when a deal sounds too good to be true, it probably comes with a side of malware.

3P
Published: May 9, 2025 11:53 amAdded: May 9, 2025 at 5:10 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Ah, the sweet allure of saving a buck! Who knew that trying to pinch pennies with “the cheapest Cursor API” might cost you your entire digital identity? It’s like buying a Rolex out of a van—sure, you’re saving money, but is it really worth the risk? Spoiler alert: it’s not.

Key Points:

  • Three malicious npm packages are targeting the Cursor code editor on macOS.
  • The packages steal credentials and disable updates to maintain persistence.
  • Packages have been downloaded over 3,200 times.
  • Two additional npm packages are targeting cryptocurrency data.
  • Another npm package, “rand-user-agent,” was compromised in a supply chain attack.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?