The good news: those 15 JetBrains Marketplace plugins worked exactly as advertised. The bad news: they also worked as advertised for someone else — specifically, whoever runs a command-and-control server at a sketchy Chinese IP address.
15 Plugins, 70,000 Installs, One Busy C2 Server
Cybersecurity firm Aikido Security discovered a coordinated malware campaign on JetBrains Marketplace that published at least 15 malicious IDE plugins, collectively installed roughly 70,000 times. The plugins — all posing as AI coding assistants built on DeepSeek and other large language models — functioned exactly as they claimed, offering chat, commit messages, code review, and unit testing utilities.
The catch: the moment a developer entered their API key and clicked "Apply," the plugin silently fired off an HTTP request to a hardcoded server at 39.107.60[.]51, transmitting the credential as plaintext JSON. To stay under the radar, the plugins installed a JVM-wide X509TrustManager that disabled standard TLS warnings, ensuring IDE debuggers would see nothing suspicious. The two most-downloaded offenders were DeepSeek AI Assist (27,727 installs) and CodeGPT AI Assistant (25,571 installs).
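The two behaviours just described leave footprints in the plugin JAR itself. As an added example (not code from the article, Aikido, or JetBrains), the scanner below checks a JAR's class files for the hardcoded C2 address and for a reference to X509TrustManager; the sample JAR is constructed in memory, and the plugins-directory layout mentioned in the comment is an assumption.

```python
import io
import zipfile

# Indicators quoted in the write-up above (the IP is the hardcoded C2 address).
C2_IP = b"39.107.60.51"
# A permissive trust manager must implement this interface; its internal name
# appears verbatim in the constant pool of every class that references it.
TRUST_MANAGER_REF = b"javax/net/ssl/X509TrustManager"

def scan_jar_bytes(jar_bytes: bytes) -> dict:
    """Map each indicator to the .class entries that contain it. Class files
    keep string literals and class references as (modified) UTF-8 in the
    constant pool, so a raw substring search is enough to spot both."""
    hits = {"c2_ip": [], "trust_manager": []}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".class"):
                continue
            data = zf.read(name)
            if C2_IP in data:
                hits["c2_ip"].append(name)
            if TRUST_MANAGER_REF in data:
                hits["trust_manager"].append(name)
    return hits

def verdict(hits: dict) -> str:
    """The C2 address alone is decisive. A trust-manager reference by itself is
    only a lead (certificate pinning code implements the same interface)."""
    if hits["c2_ip"]:
        return "malicious"
    if hits["trust_manager"]:
        return "suspicious"
    return "clean"

def build_sample_jar() -> bytes:
    """Constructed sample, not a real plugin: one tainted class, one benign."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ai/assist/KeySender.class", b"\xca\xfe\xba\xbe"
                    + b"http://39.107.60.51/api/key" + TRUST_MANAGER_REF)
        zf.writestr("ai/assist/ChatPanel.class", b"\xca\xfe\xba\xbe" + b"ChatPanel")
        zf.writestr("META-INF/plugin.xml", b"<idea-plugin/>")
    return buf.getvalue()

if __name__ == "__main__":
    # Replace the sample with the bytes of any lib/*.jar from your plugins dir.
    print(verdict(scan_jar_bytes(build_sample_jar())))  # malicious
```

A "suspicious" result still needs a human look at the class in question, since legitimate plugins that pin certificates reference the same interface.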
Eight Months Undetected, Targeting OpenAI and DeepSeek Keys
The campaign started in October 2025 and kept publishing fresh plugins as recently as June 10, 2026 — meaning it ran completely undetected for over eight months. Targeted credentials included API keys for OpenAI, DeepSeek, and SiliconFlow. In a particularly bold twist, the plugins ran a paid tier: after a developer paid a small fee, the attacker's server sent an API key back to the client — effectively selling stolen credentials sourced from other victims.
JetBrains pulled the plugins and blocked the publisher accounts after being notified. At the time of initial reporting, at least one malicious plugin remained available for download. This is a textbook developer supply chain attack: target the tools developers trust, make the malware genuinely useful, and let legitimate functionality serve as cover for eight months of credential theft.
If you installed any AI assistant plugins from JetBrains Marketplace in the past eight months, rotating your AI API keys right now is not optional — it is homework due immediately.
Source: BleepingComputer