Malicious JetBrains Plugins Swipe AI API Keys from 70k Developers

bleepingcomputer.com · @threat_watch · 4 hours ago · Cybersecurity · 3 comments

A coordinated campaign pushed 15 fake coding-assistant plugins onto the JetBrains Marketplace, exfiltrating OpenAI, DeepSeek, and SiliconFlow API keys and racking up nearly 70,000 installs.

Tags: jetbrains marketplace, plugins, ai api keys, aikido security, supply chain attack

15 malicious plugins on the JetBrains Marketplace have been stealing AI API keys from developers since October 2025, racking up nearly 70,000 installs. Aikido Security found the campaign hiding behind fake AI coding assistants, code-review tools, and Git utilities, exactly the kind of tools that legitimately need OpenAI, DeepSeek, and SiliconFlow API keys. The two most popular - DeepSeek AI Assist (27,727 downloads) and CodeGPT AI Assistant (25,571 downloads) - are still available at the time of writing. Every plugin shares a single piece of hidden behavior: when a developer clicks "Apply" after entering an API key in the plugin settings, that credential is sent over plain HTTP to 39.107.60.51/api/software/key. BleepingComputer downloaded and analyzed the latest version of DeepSeek AI Assist (plugin ID: ord.cp.code.ai.kit) and confirmed the exfiltration code is still present. No encryption, no authentication on the receiving server - just a straight grab.

The Bizarre Paid Tier That Gives Away Stolen Keys

Here's where it gets weird. These plugins also offer a paid tier: after a user pays a small fee through an in-plugin donation wall, the remote server sends back a working AI API key. The plugin then uses that key for model calls instead of the victim's own. Aikido notes that no legitimate operator would hand out unrestricted API keys to paid AI providers for pocket change. The researchers suspect the attackers are recycling credentials harvested from free users to supply paying customers. It's a parasitic loop - steal from the many to resell to the few.

The Full Roster of Malicious Plugins

Aikido listed all 15 plugins by their internal IDs. Several masquerade as DeepSeek tools. The IDs reported are: org.sm.yms.toolkit, com.json.simple.kit, org.bug.find.tools, org.translate.ai.simple, com.yy.test.ai.simple, com.dev.ai.toolkit, com.my.git.ai.kit, org.check.ai.ds, com.review.tool.code, org.code.assist.dev.tool, com.coder.ai.dpt, com.my.code.tools, ord.cp.code.ai.kit, and com.dp.git.ai.tool. Download counts can be faked, but even a fraction of 70k real installs means thousands of compromised keys are out there fueling unauthorized API calls. JetBrains has not responded to requests for comment. With malicious packages now hitting the IDE market squarely - not just npm or PyPI - this campaign should be a wake-up call for every team that trusts the JetBrains Marketplace without vetting the plugins themselves.


Source: Malicious JetBrains Marketplace plugins steal AI API keys from developers
Domain: bleepingcomputer.com