JetBrains, DeepSeek and OpenAI: Malicious JetBrains Marketplace plugins steal AI API keys from developers

Malicious JetBrains Plugins Steal AI API Keys in Large-Scale Campaign

Security researchers at Aikido Security uncovered a coordinated malware campaign targeting developers via the JetBrains Marketplace, where at least 15 malicious plugins were designed to steal AI API keys from users. The plugins, disguised as legitimate AI coding assistants, code-review tools, and Git utilities, exploited integrations with services like OpenAI, DeepSeek, and SiliconFlow to harvest credentials.

First published in October 2025, the plugins continued to appear as recently as June 10, 2026, with nearly 70,000 cumulative downloads. While functioning as advertised, they secretly transmitted API keys to a hardcoded server (39.107.60[.]51) via HTTP when users saved their credentials. All 15 plugins shared near-identical malicious code, despite being listed under seven different vendor accounts.
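
As an added example (not code from Aikido Security, BleepingComputer or the original report), this defender-side check searches installed plugin archives for the hardcoded server address named above. The plugins directory is an assumption supplied on the command line, and a plain byte match will miss an address that is encoded or assembled at runtime.

```python
import io
import sys
import zipfile
from pathlib import Path

# Server address reported on this page, re-fanged from 39.107.60[.]51.
INDICATOR = b"39.107.60.51"

def scan_archive(data: bytes, label: str, depth: int = 0) -> list[str]:
    """Return the entries of a JAR/ZIP (passed as bytes) that contain INDICATOR."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            try:
                body = zf.read(info)  # decompressed bytes of this entry
            except (RuntimeError, zipfile.BadZipFile):
                continue  # encrypted or corrupt entry: skip it
            name = f"{label}!{info.filename}"
            if INDICATOR in body:
                hits.append(name)
            # Archives can bundle further JARs; recurse a bounded number of levels.
            if depth < 2 and info.filename.lower().endswith((".jar", ".zip")):
                hits.extend(scan_archive(body, name, depth + 1))
    return hits

def scan_plugins(plugins_dir: str) -> dict[str, list[str]]:
    """Map each top-level plugin (folder or single .jar) to its matching entries."""
    root = Path(plugins_dir)  # assumption: the IDE's plugins directory
    findings = {}
    for plugin in sorted(root.iterdir()):
        jars = [plugin] if plugin.is_file() else sorted(plugin.rglob("*.jar"))
        hits = []
        for jar in jars:
            if jar.is_file() and jar.suffix.lower() in (".jar", ".zip"):
                hits.extend(scan_archive(jar.read_bytes(), str(jar.relative_to(root))))
        if hits:
            findings[plugin.name] = hits
    return findings

if __name__ == "__main__":
    for plugin, entries in scan_plugins(sys.argv[1]).items():
        print(f"[!] {plugin}: " + ", ".join(entries))
```

A match is a reason to remove the plugin and rotate any AI API key that was saved through it.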

Notably, the plugins offered a paid tier: after users paid a small fee, the server provided an API key for model calls, replacing the user's own credentials. Aikido Security noted this behavior was unusual, as legitimate operators would not distribute unrestricted paid API keys.

The most downloaded plugins, DeepSeek AI Assist (27,727 downloads) and CodeGPT AI Assistant (25,571 downloads), remained available on the Marketplace at the time of reporting. However, researchers cautioned that download counts could be inflated. BleepingComputer independently verified the credential-theft code in the DeepSeek AI Assist plugin.

While malicious packages are common on platforms like npm and PyPI, such campaigns are rare on the JetBrains Marketplace. JetBrains had not responded to inquiries at the time of publication. The full list of compromised plugins includes tools like DeepSeek Git Commit, AI Coder Review, and Coding Simple Tool.

Source: https://www.bleepingcomputer.com/news/security/malicious-jetbrains-marketplace-plugins-steal-ai-api-keys-from-developers/

JetBrains TPRM report: https://www.rankiteo.com/company/jetbrains-platform

DeepSeek TPRM report: https://www.rankiteo.com/company/deepseek-ai

OpenAI TPRM report: https://www.rankiteo.com/company/openai

"id": "jetopedee1781648632",
"linkid": "jetbrains-platform, openai, deepseek-ai",
"type": "Cyber Attack",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Developers (nearly 70,000 '
                                              'plugin downloads)',
                        'industry': 'Software Development',
                        'name': 'JetBrains Marketplace',
                        'type': 'Software Marketplace'},
                       {'industry': 'Artificial Intelligence',
                        'name': 'OpenAI',
                        'type': 'AI Service Provider'},
                       {'industry': 'Artificial Intelligence',
                        'name': 'DeepSeek',
                        'type': 'AI Service Provider'},
                       {'industry': 'Artificial Intelligence',
                        'name': 'SiliconFlow',
                        'type': 'AI Service Provider'}],
 'attack_vector': 'Malicious Plugins',
 'data_breach': {'data_exfiltration': 'Yes (transmitted to hardcoded server '
                                      '39.107.60[.]51)',
                 'number_of_records_exposed': 'Nearly 70,000 potential '
                                              'exposures (plugin downloads)',
                 'sensitivity_of_data': 'High (API keys for AI services)',
                 'type_of_data_compromised': 'AI API keys'},
 'date_detected': '2025-10-01',
 'date_publicly_disclosed': '2026-06-10',
 'description': 'Security researchers at Aikido Security uncovered a '
                'coordinated malware campaign targeting developers via the '
                'JetBrains Marketplace, where at least 15 malicious plugins '
                'were designed to steal AI API keys from users. The plugins, '
                'disguised as legitimate AI coding assistants, code-review '
                'tools, and Git utilities, exploited integrations with '
                'services like OpenAI, DeepSeek, and SiliconFlow to harvest '
                'credentials. The plugins transmitted API keys to a hardcoded '
                'server when users saved their credentials. The campaign '
                'involved plugins listed under seven different vendor accounts '
                'with nearly 70,000 cumulative downloads.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage to '
                                       'JetBrains Marketplace and affected AI '
                                       'service providers',
            'data_compromised': 'AI API keys (OpenAI, DeepSeek, SiliconFlow)',
            'operational_impact': 'Potential unauthorized access to AI '
                                  'services using stolen credentials',
            'systems_affected': 'Developer environments using JetBrains '
                                'plugins'},
 'initial_access_broker': {'entry_point': 'JetBrains Marketplace plugins',
                           'high_value_targets': 'Developers using AI '
                                                 'services'},
 'investigation_status': 'Ongoing',
 'motivation': 'Credential theft, potential financial gain from stolen API '
               'keys',
 'post_incident_analysis': {'root_causes': 'Lack of plugin vetting on '
                                           'JetBrains Marketplace, hardcoded '
                                           'malicious server for credential '
                                           'theft'},
 'recommendations': 'Developers should verify plugin authenticity, avoid '
                    'saving sensitive credentials in plugins, and monitor for '
                    'unauthorized API usage.',
 'references': [{'date_accessed': '2026-06-10', 'source': 'Aikido Security'},
                {'date_accessed': '2026-06-10', 'source': 'BleepingComputer'}],
 'response': {'third_party_assistance': 'Aikido Security'},
 'title': 'Malicious JetBrains Plugins Steal AI API Keys in Large-Scale '
          'Campaign',
 'type': 'Malware Campaign',
 'vulnerability_exploited': 'Legitimate plugin disguise, credential harvesting '
                            'via hardcoded server'}