Aikido Uncovers 15 JetBrains Plugins Stealing AI API Keys
Key insights
- Aikido Security found 15 JetBrains plugins stealing API keys for OpenAI, DeepSeek, and SiliconFlow since October 2025.
- CodeGPT AI Assistant and DeepSeek AI Assist each exceeded 25,000 downloads before the campaign was exposed.
- Stolen keys are sent in plaintext HTTP to attacker server 39.107.60[.]51 and resold as paid API access.
Why this matters
Developer tooling supply chains are now a confirmed primary vector for AI credential theft at scale, with this campaign running undetected for eight months inside an official marketplace. API key theft that feeds an illicit resale service creates compounding exposure: victims face unauthorized usage charges from OpenAI, DeepSeek, or SiliconFlow, plus potential leakage of any prompt data sent under those stolen credentials. The simultaneous PromptSnatcher Chrome extension campaign targeting Claude, ChatGPT, Gemini, and Copilot suggests a broader pattern of tooling-layer attacks specifically designed to harvest AI users at the point of interaction.
Summary
Aikido Security has uncovered a coordinated malware campaign running inside the JetBrains Marketplace since October 2025, with 15 plugins that mimic AI coding assistants while silently draining developer API keys.
The plugins target credentials for OpenAI, DeepSeek, and SiliconFlow. Two plugins alone, CodeGPT AI Assistant and DeepSeek AI Assist, each crossed 25,000 downloads. Once installed, the plugins transmit the stolen keys in plaintext HTTP to the attacker-controlled server 39.107.60[.]51. Operators then monetize the operation by collecting payments and distributing victims' API keys as "free credentials" to paying customers.
Essentially: Aikido Security and the JetBrains Marketplace are at the center of a long-running developer supply-chain attack that repurposes legitimate AI tooling as credential-harvesting cover.
- All 15 plugins share similar code and received new releases as recently as June 10, 2026.
- The theft-as-a-service model closes the loop: attackers profit from key theft and again from selling stolen access.
- A separate PromptSnatcher campaign used Chrome ad blocker extensions to capture full AI chatbot conversations from users of Claude, ChatGPT, Gemini, and Copilot.
For developers, the JetBrains plugin supply chain is now a confirmed attack surface, and the campaign's eight-month runtime suggests marketplace vetting has not kept pace.
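As an added defensive illustration (not code from the report or from Aikido), the following Python scans egress-proxy log lines for the two signals this campaign leaves behind: a connection to the reported server 39.107.60.51, and an API-key-shaped token carried over plaintext HTTP. The log format and the sample lines are constructed; the `sk-` prefix is assumed to cover OpenAI/DeepSeek-style keys, and other vendors' key formats would need their own pattern.

```python
"""Flag egress log lines matching the plaintext-HTTP key exfiltration described above."""
import re
from dataclasses import dataclass, field

# Indicator taken from the report (defanged there as 39.107.60[.]51).
EXFIL_SERVER = "39.107.60.51"

# Assumption: OpenAI/DeepSeek-style secrets look like "sk-" plus a long token.
# Add per-vendor patterns here for providers whose key format differs.
KEY_PATTERN = re.compile(r"sk-[A-Za-z0-9_\-]{20,}")

# Constructed sample log: "<timestamp> <src_ip> <method> <url> [<body_snippet>]".
SAMPLE_LOG = """\
2026-06-11T10:00:01Z 10.0.0.12 POST http://39.107.60.51/api/upload key=sk-CONSTRUCTEDxxxxxxxxxxxxxxxxxxxx
2026-06-11T10:00:05Z 10.0.0.12 POST https://api.openai.com/v1/chat/completions auth=sk-CONSTRUCTEDyyyyyyyyyyyyyyyyyyyy
2026-06-11T10:01:00Z 10.0.0.15 GET http://example.invalid/ping
2026-06-11T10:02:00Z 10.0.0.15 POST http://198.51.100.7/collect token=sk-CONSTRUCTEDzzzzzzzzzzzzzzzzzzzz
""".splitlines()


@dataclass
class Finding:
    line_no: int
    dest: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Split one constructed log line into (ts, src, method, url, body); None if malformed."""
    parts = line.split(maxsplit=4)
    if len(parts) < 4:
        return None
    body = parts[4] if len(parts) == 5 else ""
    return parts[0], parts[1], parts[2], parts[3], body


def scan(lines):
    """Return a Finding for every line that hits the known server or leaks a key in the clear."""
    findings = []
    for n, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            continue
        url, body = rec[3], rec[4]
        host = url.split("://", 1)[-1].split("/", 1)[0].split(":")[0]
        reasons = []
        if host == EXFIL_SERVER:
            reasons.append("destination is the reported exfil server")
        # A key sent to the vendor over HTTPS is normal; the same key over http:// is not.
        if url.startswith("http://") and KEY_PATTERN.search(url + " " + body):
            reasons.append("api-key-shaped token sent over plaintext http")
        if reasons:
            findings.append(Finding(n, host, reasons))
    return findings
```

Lines 1 and 4 of the sample are flagged; line 2 is a normal TLS call to the vendor and is left alone.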
Potential risks and opportunities
Risks
- Developers who installed CodeGPT AI Assistant or DeepSeek AI Assist (25,000+ installs each) likely have live API keys already in circulation on the attacker's server at 39.107.60[.]51.
- OpenAI, DeepSeek, and SiliconFlow customers with compromised keys face ongoing unauthorized spend as long as the attacker's paid resale service remains operational.
- PromptSnatcher's combined 100,000-user Chrome extension footprint (Smart Adblocker at 90,000 users; Adblock for Browser at 10,000 users) exposes full AI conversation histories across Claude, Gemini, Copilot, ChatGPT, and Grok.
Opportunities
- Marketplace security vendors focused on plugin code scanning (Aikido Security, Snyk, Socket.dev) gain a concrete, high-profile incident to drive budget unlocks at enterprise IDE buyers.
- API key lifecycle management providers can position automated rotation and anomaly detection directly at affected OpenAI, DeepSeek, and SiliconFlow customers whose keys may already be compromised.
- JetBrains faces structural pressure to implement mandatory plugin code review or signed verification, creating an opening for security tooling vendors to build certification workflows around IDE marketplaces broadly.
What we don't know yet
- JetBrains removal timeline: the article does not confirm whether all 15 plugins have been taken down or when JetBrains was notified and acted.
- Total install count across all 15 plugins is not stated; only CodeGPT AI Assistant and DeepSeek AI Assist are named with 25,000+ downloads each, leaving aggregate exposure unknown.
- Whether the JetBrains plugin campaign and the PromptSnatcher Chrome extension campaign share the same operators or server infrastructure is not addressed.
Originally reported by thehackernews.com
Original headline: 15 Malicious JetBrains Marketplace Plugins Steal AI Provider API Keys From 70,000+ Developers — DeepSeek and OpenAI Integrations Used as Cover