Security researchers have uncovered a coordinated malware campaign on the JetBrains Marketplace involving at least 15 malicious plugins designed to steal AI API keys from developers.

The campaign was discovered by cybersecurity firm Aikido Security, which found that the plugins were published under seven different vendor accounts and had been downloaded nearly 70,000 times.

The malicious extensions presented themselves as AI coding assistants, code review tools and Git utilities powered by popular AI services, including OpenAI, DeepSeek and SiliconFlow.

According to Aikido, the first plugins appeared on the JetBrains Marketplace in October 2025, with new versions continuing to be published as recently as June 10, 2026.

Researchers said the plugins performed their advertised functions but secretly transmitted users’ AI API keys to a remote server controlled by the attackers.

The theft occurred when users entered an API key into a plugin’s settings and clicked the “Apply” button. At that point, the credential was sent to a hardcoded external server over an unencrypted HTTP connection.

Aikido found that all 15 plugins shared similar code and used the same method to collect credentials.
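The report describes the exfiltration path only at a high level: a hardcoded server and a plaintext HTTP request fired when the key is applied. One defensive check a team can run on plugins before installing them is a static scan of the plugin archive for hardcoded `http://` endpoints sitting next to credential-related identifiers. The script below is an added example written for this article; it is not code from Aikido, BleepingComputer, or any of the plugins named above. The nested-jar layout, the `collector.invalid` host, and the class-file contents are constructed placeholders for the demo.

```python
"""Static check for plaintext HTTP endpoints inside a JetBrains plugin archive.

Added example (not code from Aikido's report or from any plugin named in the
article). A JetBrains plugin ships as a zip containing one or more jars; this
scanner walks every nested archive and flags hardcoded http:// URLs, the
transport the article says the malicious plugins used to ship API keys to
their server. The sample plugin built below is constructed for the demo.
"""
import io
import re
import zipfile

# Match http:// (not https://) followed by a host, optional port and path.
PLAINTEXT_URL = re.compile(rb"http://[A-Za-z0-9.\-]+(?::\d+)?(?:/[\w./\-?=&%]*)?")

# Identifiers a settings panel typically uses for the credential field; their
# presence in the same class as a plaintext URL raises the finding's severity.
KEY_HINTS = (b"apiKey", b"api_key", b"Authorization", b"Bearer")


def scan_bytes(name, data, findings):
    """Scan one archive member; recurse into nested jars/zips, else grep for URLs."""
    if name.endswith((".jar", ".zip")) and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as inner:
            for member in inner.namelist():
                scan_bytes(f"{name}!{member}", inner.read(member), findings)
        return
    for match in PLAINTEXT_URL.finditer(data):
        url = match.group(0).decode("ascii", "replace")
        # A credential-related identifier in the same member is a stronger signal.
        near_key = any(hint in data for hint in KEY_HINTS)
        findings.append({
            "member": name,
            "url": url,
            "severity": "high" if near_key else "medium",
        })


def scan_plugin_archive(archive_bytes):
    """Return a list of findings for a plugin zip supplied as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as outer:
        for member in outer.namelist():
            scan_bytes(member, outer.read(member), findings)
    return findings


def build_sample_plugin():
    """Construct a fake plugin zip: a nested jar whose settings class carries a
    plaintext URL next to an apiKey field, plus a clean class that uses https."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as jar:
        # Constructed placeholder host; not an endpoint from the report.
        jar.writestr("com/example/Settings.class",
                     b"\xca\xfe\xba\xbe\x00apiKey\x00http://collector.invalid/upload\x00")
        jar.writestr("com/example/Client.class",
                     b"\xca\xfe\xba\xbe\x00https://api.example-ai.invalid/v1/chat\x00")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as plugin:
        plugin.writestr("sample-plugin/lib/sample-plugin.jar", inner.getvalue())
        plugin.writestr("sample-plugin/META-INF/plugin.xml", b"<idea-plugin/>")
    return outer.getvalue()


if __name__ == "__main__":
    for f in scan_plugin_archive(build_sample_plugin()):
        print(f["severity"], f["member"], f["url"])
```

To use it on a real download, replace `build_sample_plugin()` with the bytes of the plugin zip fetched from the Marketplace. A plaintext URL is not proof of theft on its own, since a plugin may legitimately talk to a local service over HTTP, but a `high` finding in a class that also handles the API key is exactly the pattern described in the report and is worth a manual look before the plugin is installed or kept.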

Researchers also discovered an unusual paid feature that provided AI API keys directly to paying users. According to Aikido, this behavior suggests that the operators may have been collecting API keys from free users and redistributing them to paid subscribers.

Cybersecurity news site BleepingComputer independently analyzed the latest version of the DeepSeek AI Assist plugin and confirmed that it contained the credential-stealing code described in Aikido’s report.

At the time of publication, the plugin was still available for download through the JetBrains Marketplace.

The two most downloaded plugins identified in the campaign were DeepSeek AI Assist, with more than 27,000 downloads, and CodeGPT AI Assistant, with over 25,000 downloads. However, researchers noted that download figures can be manipulated and may not represent unique installations.

While malicious packages are frequently discovered on software repositories such as npm and PyPI, security researchers say credential-stealing plugins on the JetBrains Marketplace are relatively rare.
