INDUSTRY REPORT | DeepSeek | 2026-06-17

Coordinated Malware Campaign Steals AI API Keys From 70,000+ JetBrains IDE Users

Key Takeaways

  • At least 15 malicious JetBrains IDE plugins across 7 vendor accounts have exfiltrated API keys from approximately 70,000 installations, with suspicious metrics suggesting downloads may be inflated
  • The campaign harvests OpenAI, SiliconFlow, and DeepSeek API keys via plaintext HTTP to attacker infrastructure, enabling large-scale credential theft and potential account compromise
  • The plugins function as legitimate AI coding assistants while silently stealing keys—users have no UI indication or consent prompt, making detection difficult without code inspection

Source: Hacker News, https://www.aikido.dev/blog/multiple-jetbrains-ide-plugins-caught-stealing-ai-keys

Summary

A coordinated malware campaign has compromised at least 15 JetBrains IDE plugins, collectively installed nearly 70,000 times, according to security research by sschueller. The fake AI coding assistant plugins, disguised as tools built on popular models like DeepSeek, capture and exfiltrate API keys for major AI providers including OpenAI, SiliconFlow, and DeepSeek to an attacker-controlled server at 39.107.60[.]51. The malicious code intercepts API keys the moment users enter them in plugin settings, forwarding them without consent via plaintext HTTP.

The campaign began in late October 2025 and continues into June 2026, with new variants still being released. All 15 plugins share the same obfuscated codebase, renamed and repackaged across seven vendor accounts. Critically, the plugins function perfectly as advertised—offering legitimate AI coding assistance features like chat, code review, and unit test generation—making the malicious payload invisible to users who don't inspect the source code. Some versions operate a paid tier in which users pay a fee to receive API keys from the attacker, potentially stolen credentials from other victims, effectively transforming the campaign into an API reselling operation.
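
To check a workstation for the behaviour described above, the following added example (not code from the original report or from JetBrains) scans the JARs under an IDE plugins directory for hardcoded plaintext `http://` URLs with IPv4-literal hosts and flags the address published above. It assumes the URL is stored as a literal string; the page notes the codebase is obfuscated, so an empty result does not clear a plugin. The function names and the directory argument are illustrative.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Indicator as published on the page (defanged there); refanged only for matching.
IOC_HOST = "39.107.60[.]51".replace("[.]", ".")
# Plaintext http:// URL whose host is an IPv4 literal, the transport the page describes.
HTTP_IP_URL = re.compile(rb"http://(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?[\x21-\x7e]*")

def scan_bytes(name, data, hits):
    """Record plaintext-HTTP IP-literal URLs found in one archive member."""
    for m in HTTP_IP_URL.finditer(data):
        host = m.group(1).decode()
        url = m.group(0).decode("ascii", "replace")
        hits.append({"member": name, "url": url, "known_ioc": host == IOC_HOST})

def scan_archive(data, label, hits, depth=0):
    """Walk a JAR/ZIP held in memory, descending into nested JARs (lib/*.jar)."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > 32 * 1024 * 1024:
                continue  # skip directories and oversized members
            body = zf.read(info)
            name = f"{label}!{info.filename}"
            if info.filename.lower().endswith((".jar", ".zip")) and depth < 3:
                scan_archive(body, name, hits, depth + 1)
            else:
                scan_bytes(name, body, hits)

def scan_plugin_dir(root):
    """Scan every .jar/.zip under an IDE plugins directory; return all hits."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in (".jar", ".zip"):
            scan_archive(path.read_bytes(), str(path), hits)
    return hits

if __name__ == "__main__":
    for hit in scan_plugin_dir(sys.argv[1]):
        flag = "KNOWN-IOC" if hit["known_ioc"] else "review"
        print(f"[{flag}] {hit['member']}: {hit['url']}")
```

Hits marked `review` are not verdicts: they only mean a plugin embeds an unencrypted endpoint addressed by IP, which is worth a manual look before entering an API key into its settings.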

  • Some plugin variants operate a two-tier scheme: harvesting keys from free users and reselling them to paying customers, potentially victimizing both developers and AI provider companies
  • IDE plugin ecosystems remain frequent targets for supply chain attacks due to the strategic value of developer machines and their access to production credentials and source code

Editorial Opinion

This coordinated campaign exposes a fundamental tension in developer tool security: plugins that legitimately need API credentials have inherent access to sensitive data, creating implicit trust that attackers exploit ruthlessly. The scale and persistence of this operation—spanning over 70,000 installations and 7+ months—demonstrates that supply chain attacks through IDE marketplaces remain highly profitable and difficult to detect. The reselling of stolen API keys adds a predatory layer, victimizing both the original key holders and paying users who unwittingly receive compromised credentials. Marketplace operators like JetBrains must implement rigorous security auditing, code review, and behavioral anomaly detection to protect the developer ecosystem.
