(RED FLAG) Potentially malicious Cursor snap impersonating as an unrelated application

Lin-Buo-Ren · August 7, 2025, 1:17pm

Hello, I would like to raise awareness regarding this snap: https://snapcraft.io/cursor.

Which impersonates the high-profile Cursor - The AI Code Editor application:

Similar application icon design(bottom: the genuine application icon)

image1080×644 66.4 KB
In the same Development application category(see the aforementioned screenshot)
Also has the impersonating application metadata set in its XDG desktop entry:

image1412×644 144 KB

…while claiming to be an entirely different kind of application in the snap listing description, potentially to avoid triggering any manual reviews:

Although I currently don’t have any concrete proof to determine whether the snap is malicious or not, I urge the @store staff to set the snap to private ASAP and conduct a thorough investigation before making it available again.

Thank you!

PS. The “Report” button is missing from the snap listing page, is this expected at the moment?

Lin-Buo-Ren · August 7, 2025, 1:42pm

Here’s a link to the snap package backup for further investigation: https://drive.google.com/file/d/1dI-xJBvXvLulcvwrXeqL7zjdf5FQSBFU/view?usp=drive_link

Lin-Buo-Ren · August 7, 2025, 1:58pm

Potential packaging source: Hadeer-Elsaeed/cursor-snap: Snap package for Cursor — AI-powered code editor for Linux

James-Carroll · August 7, 2025, 5:39pm

I’ve had a casual look at this, and while I’ve not spotted anything outright malicious, there’s some obfuscation in the init scripts that give me cause for concern.

I.E., the snap command points to a shell script, the shell script then points to another script that ultimately runs the Electron package that this ships with. This concerns me because it’s not obvious whats actually being executed and it seems to be somewhat flexible.

HERE="$(dirname "$(readlink -f "${0}")")"
EXEC=$(grep -e '^Exec=.*' "${HERE}"/*.desktop | head -n 1 | cut -d "=" -f 2- | sed -e 's|%.||g')
exec ${EXEC} "$@"

I’d compared this against what Snapcraft itself produces and against modern Core24 releases, there’s nothing like this at all. I do remember older cores were more liberal in their use of scripts like this, but cannot understand what the HERE is for. $SNAP is a hardcoded filesystem in a mount namespace. The binary path is literally immutable so it’s unnecessarily overengineered, there are no reasonable situations I can think of you’d need to seek out the binary to execute rather than know it’s where you’ve placed it yourself.

Ultimately, I run the snap on my own machine and it doesn’t actually work since it’s presumably missing libraries, and despite being strict, doesn’t use e.g., extensions to set up things like X11/Wayland/etc.

So while I don’t wanna say this is outright malicious, I would say, it will not be missed in its current state and I’d balance probability here with consequence, of which seems none, given it doesn’t work and has no active maintenance.

Edit: Looking at the source repo, the AppRun subset makes sense, the exec is dynamic because an AppImage would extract to /tmp/random-path-12345 and so the exec does need to be relative to the AppImage mount point rather than hardcoded. Concerns there have diminished but ultimately this is still a no-op snap as is and the upstream source is not reproducable because the AppImage being used for the snap isn’t actually part of the snapcraft.yaml, i.e it’s simply on the disk by magic rather than using source:.

On the whole, even if it’s not malicious, an appimage cannot simply be converted into a snap ( and trust me, I’ve actually tried to trick snapd into running a hypothetical AppSnap before! Due to magic numbers checking, it doesn’t work, but I have thought a well designed SquashFS bundle could be validly a self extracting AppImage and also a sandboxed snap at the same time ), so I’d be in favour of removing this simply because its broken.

soumyaDghosh · August 7, 2025, 9:05pm

I think they have changed the source code if they are trying to be malicious, but I have a different point of view about this.

The snap is probably AI generated. The yaml contains comments like

# Extract the AppImage once during build

# Optional: fix sandbox permissions (you can skip this if using --no-sandbox)
      if [ -f $SNAPCRAFT_PART_INSTALL/chrome-sandbox ]; then
        chmod 4755 $SNAPCRAFT_PART_INSTALL/chrome-sandbox || true
      fi

Also, look at the variables being used, SNAPCRAFT_PART as opposed to CRAFT_PART. If they understood what they are doing, they would have fixed this immediately.

But, as I cannot see those Execs discussed by @James-Carroll I also think this is malicious.

James-Carroll · August 7, 2025, 9:16pm

I did consider this myself but ultimately prefer to not jump to conclusions, I’ve been wrong before. The Github profile seems well intentioned but entirely sporadic in a way that seems it exists purely to generate history, but well, I’m a harsh critic perhaps.

They’re in $SNAP/AppRun, which is just the standard AppImage wrapper that gets executed before all AppImages; its taking over a lot of the desktop-launch functionality but fails because the snap environment isn’t typical in many ways. Ultimately it’s obfuscated but with clear causation, beyond being suspicious spam, the quick glance I’ve had doesn’t scream “virus”.

You can do things like extract the .asar bundle with npx and take a look at the Electron JS files being run, but it’s pointless doing that when if there’s a malicious payload in there, it literally isn’t capable of running, the Electron process won’t get far enough into its runtime to execute whatever payload it has, plus this is revision 1 of the snap, presumably the only one in its lifetime.

I’m an advocate of removing nonfunctional snaps, especially where they misrepresent a brand, so even if it wasn’t malicious, I’d politely encourage the author to consider getting a hand on improvements or to otherwise hide it so it doesn’t reflect badly on us all (which in reality, is me saying to the store, do it on their behalf and just undo it if we’re wrong)

soumyaDghosh · August 9, 2025, 4:32pm

I just have one question, how are they able to pack an IDE without classic confinement

popey · August 17, 2025, 12:30pm

IDEs don’t have to be classic. They just become a lot less useful if they can’t execute random binaries (like compilers and debuggers).

I imagine this snap has not been very thoroughly tested.

Besides which, it’s an AI IDE - designed for users to connect to the internet and have a remote LLM write code into files on their machine. Many IDE users will compile and execute the code they write outside the actual IDE, making it possible to use this in some circumstances.

Lin-Buo-Ren · September 21, 2025, 9:49am

A month has passed, and the snap entry is still searchable in the store:

$ cursor
Command 'cursor' not found, but can be installed with:
sudo snap install cursor

Can we get an update from the @store before we escalate this matter even further?