JetBrains Malicious Plugins Steal Developer API Keys
Development acceleration tools increasingly gain access to our most sensitive professional secrets, and malicious plugin authors on the JetBrains Marketplace deliberately exploited that zone of trust. A recent report detailed how multiple JetBrains IDE plugins were caught stealing AI API keys in the wild. Researchers at Aikido Security discovered at least 15 malicious extensions. These tools convincingly masqueraded as AI assistants, code verification utilities, and Git tools, while secretly harvesting developers’ API keys.
The Scope of the Exploitation Campaign
This sophisticated campaign impacted plugins associated with prominent AI services. Targeted platforms notably included OpenAI, DeepSeek, and SiliconFlow. The perpetrators strategically published these extensions across seven distinct vendor accounts. According to Aikido Security, these plugins amassed nearly 70,000 installations collectively. Nevertheless, we must remember that download counters on such platforms are highly susceptible to manipulation. Therefore, this figure does not necessarily reflect the true number of compromised users.
The Silent Theft Mechanism
Alarmingly, the malicious extensions performed their advertised functions flawlessly. The theft occurred silently during the initial configuration phase. When a user entered an API key into the plugin settings and clicked the “Apply” button, the trap engaged. The extension immediately transmitted the sensitive key to a predetermined external server via an unencrypted HTTP connection. Security specialists identified an identical, malicious code fragment across all 15 plugins, even though the extensions circulated under diverse names.
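The behaviour described above (a key typed into a settings form and then posted in the clear to an unrelated server) is something an egress proxy can catch. The following Python script is an added example, not code from the report, the page, or any of the plugins: it reads proxy records in a constructed JSON-lines format (adapt the field names to your real proxy), and flags any plaintext-HTTP request that carries an API key or an Authorization header, rating hosts outside an allowlist as high severity. The `sk-` key shape, the host names, the timestamps and the records themselves are assumptions built for the example.

```python
import json
import re
from typing import Iterable

# Common "sk-" prefixed key shape used by several AI API providers.
# Assumption: real formats vary by provider; tune this for the keys you issue.
KEY_PATTERN = re.compile(r"\bsk-[A-Za-z0-9_-]{16,}\b")


def redact(secret: str) -> str:
    """Keep just enough of a key to match it against a provider dashboard."""
    return f"{secret[:5]}...{secret[-4:]}" if len(secret) > 12 else "***"


def find_cleartext_key_leaks(log_lines: Iterable[str], trusted_hosts: set[str]) -> list[dict]:
    """Flag requests that send an API key or bearer token over plaintext HTTP.

    Each log line is a JSON object with ts, scheme, host, path, headers and body
    (constructed format for this example; adapt the field names to your proxy).
    """
    findings = []
    for raw in log_lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # malformed line: skip it rather than abort the sweep
        if rec.get("scheme") != "http":
            continue  # TLS-protected traffic is not the pattern being hunted here
        headers = {k.lower(): v for k, v in rec.get("headers", {}).items()}
        secrets = KEY_PATTERN.findall(headers.get("authorization", "") + " " + rec.get("body", ""))
        if not secrets and "authorization" in headers:
            # Credential of unknown shape, still sent in the clear: keep the token part.
            secrets = [headers["authorization"].split()[-1]]
        if not secrets:
            continue
        host = rec.get("host", "")
        findings.append({
            "ts": rec.get("ts"),
            "host": host,
            "path": rec.get("path", ""),
            "severity": "medium" if host in trusted_hosts else "high",
            "keys": [redact(s) for s in secrets],
        })
    return findings


# Constructed sample records: one normal TLS call to the provider, one plaintext
# upload of the same key to an unrelated address, one harmless update check.
# 203.0.113.10 is a documentation-only address, not a real server.
SAMPLE_KEY = "sk-abcdefghijklmnopqrstuvwxyz0123"
SAMPLE_LOG = "\n".join(json.dumps(r) for r in [
    {"ts": "2026-06-10T09:00:01Z", "scheme": "https", "host": "api.openai.com",
     "path": "/v1/chat/completions",
     "headers": {"Authorization": f"Bearer {SAMPLE_KEY}"}, "body": "{}"},
    {"ts": "2026-06-10T09:00:02Z", "scheme": "http", "host": "203.0.113.10",
     "path": "/collect", "headers": {"Content-Type": "application/json"},
     "body": json.dumps({"provider": "deepseek", "key": SAMPLE_KEY})},
    {"ts": "2026-06-10T09:05:00Z", "scheme": "http", "host": "updates.example.net",
     "path": "/version.json", "headers": {}, "body": ""},
])

if __name__ == "__main__":
    for f in find_cleartext_key_leaks(SAMPLE_LOG.splitlines(), {"api.openai.com"}):
        print(f"[{f['severity']}] {f['ts']} {f['host']}{f['path']} keys={f['keys']}")
```

Only the second record is reported: the first is the legitimate TLS call, the third carries no credential. The check deliberately stays scheme-based rather than destination-based, because the report's finding is that the plugins sent keys over HTTP at all; a key over plaintext to a trusted host is still worth a medium-severity ticket.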
A Complex Monetization Scheme
Furthermore, Aikido Security uncovered a paid subscription tier within this nefarious scheme. In this premium mode, the rogue server provided the user with a third-party API key to query the desired AI model. The exact origin of these supplied keys remains entirely undetermined.
The report’s authors hypothesize a circular scheme: operators harvested legitimate keys from free-tier users and then redistributed them to paying customers. However, the report does not confirm that this is how the operation actually worked.
Prominent Offenders in the Marketplace
The initial wave of these malicious plugins infiltrated the JetBrains Marketplace in October 2025. Subsequently, new fraudulent extensions continued to emerge until June 10, 2026. Among the most prominent offenders, Aikido Security highlighted “DeepSeek AI Assist” with a staggering 27,727 downloads. They also flagged “CodeGPT AI Assistant,” boasting 25,571 downloads. BleepingComputer independently examined the current version of DeepSeek AI Assist. They conclusively verified the active presence of credential-stealing code.
Immediate Remediation Steps for Developers
At the time of publication, DeepSeek AI Assist astonishingly remained available for download in the JetBrains Marketplace. Developers must urgently identify and remove any plugins listed in the security report. Furthermore, you must immediately reissue any API keys previously entered into these extensions.
Finally, all affected users must meticulously scrutinize their request histories for usage they did not generate. You should proactively restrict key permissions wherever your service provider allows strictly defined limits and access scopes. Vigilance about what you install, and about what you hand it, remains your best defense against supply chain attacks of this kind.
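To act on the first two remediation steps above (find the named plugins, and find any other plugin that embeds a plaintext endpoint, before deciding which keys to reissue), here is an added Python audit script. It is not from the report, the page, or JetBrains: it walks a JetBrains plugins directory (assumed to use the usual `<plugin>/lib/*.jar` layout), reads each jar's `META-INF/plugin.xml` for the plugin name, flags names on the page's list, and reports any non-benign `http://` literals found inside the jar. The report list here holds only the two names the page quotes; the sample plugin directory, the vendor name, the property files and the 203.0.113.10 address are constructed for the example.

```python
import re
import sys
import tempfile
import zipfile
from pathlib import Path
from xml.etree import ElementTree as ET

# Plugin names called out in the Aikido Security report as quoted on this page;
# extend this set with the remaining names from the report.
REPORTED_PLUGIN_NAMES = {"DeepSeek AI Assist", "CodeGPT AI Assistant"}

# Plaintext-HTTP literals that legitimately occur in jars (XML namespaces, licence URLs).
BENIGN_HTTP_PREFIXES = (
    "http://www.w3.org/", "http://schemas.", "http://java.sun.com/",
    "http://www.apache.org/licenses", "http://xmlpull.org/",
)
HTTP_LITERAL = re.compile(rb"http://[A-Za-z0-9.\-]+(?::\d+)?(?:/[^\s\"'<>]*)?")


def plugin_jars(plugins_dir: Path):
    """Yield (plugin folder, jar path) for the <plugin>/lib/*.jar layout or a bare .jar."""
    for entry in sorted(plugins_dir.iterdir()):
        if entry.is_file() and entry.suffix == ".jar":
            yield entry.stem, entry
        elif entry.is_dir():
            for jar in sorted((entry / "lib").glob("*.jar")):
                yield entry.name, jar


def inspect_jar(jar_path: Path) -> dict:
    """Read the plugin descriptor and collect non-benign http:// literals from every member."""
    info = {"id": "", "name": "", "vendor": "", "http_endpoints": []}
    endpoints = set()
    with zipfile.ZipFile(jar_path) as zf:
        for member in zf.namelist():
            data = zf.read(member)
            if member == "META-INF/plugin.xml":
                root = ET.fromstring(data)
                for field in ("id", "name", "vendor"):
                    info[field] = (root.findtext(field) or "").strip()
            for hit in HTTP_LITERAL.findall(data):
                url = hit.decode("ascii", "replace")
                if not url.startswith(BENIGN_HTTP_PREFIXES):
                    endpoints.add(url)
    info["http_endpoints"] = sorted(endpoints)
    return info


def audit_plugins(plugins_dir: Path) -> list[dict]:
    """Return one finding per jar that matches the report list or embeds a plaintext endpoint."""
    findings = []
    for folder, jar in plugin_jars(plugins_dir):
        info = inspect_jar(jar)
        reasons = []
        if info["name"] in REPORTED_PLUGIN_NAMES:
            reasons.append("name listed in the report")
        if info["http_endpoints"]:
            reasons.append("plaintext http:// endpoint(s): " + ", ".join(info["http_endpoints"]))
        if reasons:
            findings.append({"folder": folder, "jar": str(jar), "reasons": reasons, **info})
    return findings


def _write_plugin(plugins_dir: Path, folder: str, name: str, extra: dict[str, bytes]) -> None:
    """Build a minimal plugin jar in the usual layout (constructed test fixture)."""
    descriptor = (f"<idea-plugin><id>example.{folder}</id><name>{name}</name>"
                  "<vendor>Example Vendor</vendor></idea-plugin>")
    lib = plugins_dir / folder / "lib"
    lib.mkdir(parents=True)
    with zipfile.ZipFile(lib / f"{folder}.jar", "w") as zf:
        zf.writestr("META-INF/plugin.xml", descriptor)
        for member, data in extra.items():
            zf.writestr(member, data)


def build_sample_plugins_dir() -> Path:
    """Constructed plugin directory: one benign plugin and one mimicking a reported name.

    203.0.113.10 is a documentation-only address, not a real server.
    """
    plugins_dir = Path(tempfile.mkdtemp(prefix="jb-plugins-"))
    _write_plugin(plugins_dir, "example-formatter", "Example Formatter",
                  {"config.properties": b"api.base=https://api.example.com/v1\n",
                   "META-INF/schema.xsd": b'<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"/>'})
    _write_plugin(plugins_dir, "deepseek-ai-assist", "DeepSeek AI Assist",
                  {"settings.properties": b"upload.url=http://203.0.113.10/collect\n"})
    return plugins_dir


if __name__ == "__main__":
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else build_sample_plugins_dir()
    for f in audit_plugins(target):
        print(f"{f['folder']} ({f['name']} by {f['vendor']}): " + "; ".join(f["reasons"]))
```

Run it with the path to your IDE's plugin directory (from general knowledge rather than the page: on Linux typically under ~/.local/share/JetBrains/<Product><Version>/, on macOS under ~/Library/Application Support/JetBrains/<Product><Version>/plugins; confirm the path for your IDE version); without an argument it audits the constructed sample. A hit on the http:// check is a lead to inspect, not proof of theft, since some legitimate plugins still embed plain-http URLs; a name match against the report list is what should trigger removal and key reissue.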