Malicious JetBrains Plugins Steal OpenAI, DeepSeek, SiliconFlow API Keys, Malicious Chrome Extensions Capture Chatbot Chats
- Malicious Plugins: Researchers found 15 malicious JetBrains plugins posing as AI coding tools on the JetBrains Marketplace.
- Keys Targeted: The plugins target the exfiltration of API keys for OpenAI, DeepSeek, and SiliconFlow.
- Browser Threat: Separately, malicious Chrome extensions were found capturing chatbot conversations.
Fifteen malicious JetBrains plugins posed as legitimate AI coding tools to steal developers' AI API keys. The plugins, distributed through the official JetBrains Marketplace, target credentials tied to popular AI services while offering chat, commit messages, code review, bug finding, and unit tests. Separately, researchers identified malicious Chrome extensions capturing chatbot conversations.
Malicious Plugins on the JetBrains Marketplace
By presenting themselves as productivity tools, the plugins lured users into installing software that quietly harvested credentials from the developers' environments, according to researchers at Aikido. Once installed, the plugins exfiltrate API keys for providers such as OpenAI, DeepSeek, and SiliconFlow.
Using one of the plugins involves pasting an API key for an AI provider into its settings panel, after which the plugin starts making model calls with that key. The plugins function as advertised, but, as the report puts it, “the AI provider API key you enter gets exfiltrated to a server controlled by the attacker.”
The affected plugins, listed by name, plugin ID, download count, and release date:
- DeepSeek Junit Test (org.sm.yms.toolkit) – 1,121 downloads, released 2025-10-31
- DeepSeek Git Commit (com.json.simple.kit) – 1,894 downloads, released 2025-11-01
- DeepSeek FindBugs (org.bug.find.tools) – 1,485 downloads, released 2025-11-09
- DeepSeek AI Chat (org.translate.ai.simple) – 1,317 downloads, released 2025-11-23
- DeepSeek Dev AI (com.yy.test.ai.simple) – 740 downloads, released 2025-11-30
- DeepSeek AI Coding (com.dev.ai.toolkit) – 450 downloads, released 2025-12-06
- AI FindBugs (com.json.view.simple) – 623 downloads, released 2025-12-14
- AI Git Commitor (com.my.git.ai.kit) – 301 downloads, released 2026-01-10
- AI Coder Review (org.check.ai.ds) – 735 downloads, released 2026-01-11
- DeepSeek Coder AI (com.review.tool.code) – 3,498 downloads, released 2026-01-15
- AI Coder Assistant (org.code.assist.dev.tool) – 319 downloads, released 2026-02-01
- DeepSeek Code Review (com.coder.ai.dpt) – 278 downloads, released 2026-04-18
- CodeGPT AI Assistant (com.my.code.tools) – 25,571 downloads, released 2026-06-09
- DeepSeek AI Assist (ord.cp.code.ai.kit) – 27,727 downloads, released 2026-06-10
- Coding Simple Tool (com.dp.git.ai.tool) – 3,931 downloads, no online versions
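As an added check that is not part of the report or of Aikido's tooling, the script below walks a JetBrains plugins directory and flags any install whose descriptor declares one of the fifteen IDs above. It assumes the standard plugin layout (an install directory holding lib/*.jar, with META-INF/plugin.xml inside one of them, or a bare .jar) and takes the plugins directory path as an argument, since the location varies by OS and IDE version; the install it builds under a temporary directory for the demo is constructed sample data, not a real plugin.

```python
"""Check a JetBrains plugins directory against the plugin IDs from the Aikido report.

Added example, not part of the report. A JetBrains plugin install is a directory
holding lib/*.jar (or, for simple plugins, a single .jar); the plugin descriptor
META-INF/plugin.xml inside one of those jars declares the plugin's <id>.
"""
import sys
import tempfile
import zipfile
import xml.etree.ElementTree as ET
from pathlib import Path

# The 15 plugin IDs listed in the report.
MALICIOUS_PLUGIN_IDS = {
    "org.sm.yms.toolkit", "com.json.simple.kit", "org.bug.find.tools",
    "org.translate.ai.simple", "com.yy.test.ai.simple", "com.dev.ai.toolkit",
    "com.json.view.simple", "com.my.git.ai.kit", "org.check.ai.ds",
    "com.review.tool.code", "org.code.assist.dev.tool", "com.coder.ai.dpt",
    "com.my.code.tools", "ord.cp.code.ai.kit", "com.dp.git.ai.tool",
}


def plugin_id_from_xml(xml_text):
    """Return the plugin ID declared in a plugin.xml: the <id> element, or <name>
    when <id> is absent (the descriptor format's documented fallback); None if
    the text is not a parseable descriptor."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    for tag in ("id", "name"):
        node = root.find(tag)
        if node is not None and node.text and node.text.strip():
            return node.text.strip()
    return None


def plugin_ids_in_jar(jar_path):
    """Plugin IDs declared by a jar; empty for dependency jars with no descriptor."""
    try:
        with zipfile.ZipFile(jar_path) as zf:
            if "META-INF/plugin.xml" not in zf.namelist():
                return set()
            pid = plugin_id_from_xml(zf.read("META-INF/plugin.xml").decode("utf-8", "replace"))
    except zipfile.BadZipFile:
        return set()
    return {pid} if pid else set()


def plugin_ids_in_install(install_path):
    """IDs declared by one install: a directory with lib/*.jar, or a bare .jar."""
    p = Path(install_path)
    if p.is_file():
        return plugin_ids_in_jar(p) if p.suffix == ".jar" else set()
    ids = set()
    for jar in p.glob("lib/*.jar"):
        ids |= plugin_ids_in_jar(jar)
    return ids


def scan_plugins_dir(plugins_dir):
    """Map install path -> plugin ID for every install whose ID is on the list."""
    hits = {}
    for entry in sorted(Path(plugins_dir).iterdir()):
        for pid in plugin_ids_in_install(entry):
            if pid in MALICIOUS_PLUGIN_IDS:
                hits[str(entry)] = pid
    return hits


def _write_jar(jar_path, entries):
    jar_path.parent.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(jar_path, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)


def demo_scan():
    """Constructed sample (not a real install): one listed ID, one benign plugin,
    plus a dependency jar with no descriptor. Returns {install name: plugin ID}."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        _write_jar(root / "DeepSeek AI Assist" / "lib" / "plugin.jar", {
            "META-INF/plugin.xml":
                "<idea-plugin><id>ord.cp.code.ai.kit</id>"
                "<name>DeepSeek AI Assist</name></idea-plugin>",
        })
        _write_jar(root / "Benign Plugin" / "lib" / "plugin.jar", {
            "META-INF/plugin.xml":
                "<idea-plugin><id>com.example.benign</id>"
                "<name>Benign Plugin</name></idea-plugin>",
        })
        _write_jar(root / "Benign Plugin" / "lib" / "dep.jar", {"a/B.class": b""})
        return {Path(path).name: pid for path, pid in scan_plugins_dir(root).items()}


if __name__ == "__main__":
    # Pass the IDE's plugins directory; its location differs per OS and IDE version.
    if len(sys.argv) > 1:
        for path, pid in scan_plugins_dir(sys.argv[1]).items():
            print(f"MATCH {pid}  {path}")
    else:
        print("demo:", demo_scan())
```

A clean result only means none of these fifteen IDs is installed; a re-upload under a new ID is not caught, so the match list should be treated as a starting point rather than a clearance. Any hit means the key that was pasted into that plugin's settings should be revoked at the provider and replaced, not merely removed from the IDE.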
In the plugins' paid tier, the user pays a small fee; the server then sends an API key down to the client, and the plugin uses that key for its model calls instead of the user's own, the report says.
The researchers theorize that the server harvests some victims' pasted keys to deliver them to others who pay the fee. “The keys handed to paying users may well be the keys stolen from everyone else, turning the campaign into a service that resells other people's stolen API access,” Aikido concluded.
Chrome Extensions Capturing Chatbot Chats
The threat to AI workflows extends beyond the JetBrains ecosystem. In a separate finding, researchers identified malicious Chrome extensions that harvest chatbot exchanges, including prompts and responses that may contain confidential code, business data, or personal information shared during AI interactions.
Together, the findings highlight how attackers are increasingly targeting the tools and credentials surrounding AI workflows. Developers and organizations relying on JetBrains plugins and Chrome extensions should:
- Scrutinize third-party software tied to AI services.
- Review the access granted to their API keys, and rotate any key that was entered into a suspect plugin or extension.
In May, malicious NuGet packages targeted Chinese .NET ecosystem developers, and in March, a GitHub phishing campaign targeted developers with fake VS Code alerts urging them to patch fabricated CVEs.