Multiple JetBrains IDE Plugins With 70,000+ Installs Caught Stealing AI Keys
By Abinaya
June 17, 2026
A large-scale malware campaign has been uncovered on the JetBrains Marketplace, where at least 15 malicious IDE plugins were found stealing sensitive API keys from developers.
These plugins, downloaded over 70,000 times, were published under seven different vendor accounts and disguised as legitimate AI-powered coding assistants.
According to Aikido’s research, the malicious plugins claimed to offer useful developer features such as AI chat, code generation, bug detection, commit message creation, and unit test writing.
They appeared functional and delivered the promised features, making them difficult to detect. However, behind the scenes, they were silently harvesting users’ API keys.
JetBrains Plugins Caught Stealing AI Keys
Aikido researchers found that all identified plugins share a nearly identical codebase that has been slightly modified and republished under different names. To use these tools, developers must enter API keys for services such as OpenAI, DeepSeek, or SiliconFlow.
Once the user enters the API key and clicks “Apply,” the plugin immediately captures and exfiltrates the key without any warning or consent.
The malicious logic is embedded in the plugin’s settings handler, enabling instant, invisible data theft. The stolen API keys are sent via an HTTP POST request to a hardcoded command-and-control (C2) server located at 39.107.60[.]51.
The communication occurs over plaintext HTTP, exposing sensitive credentials to interception and misuse.
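The theft path described above (key captured on "Apply", POSTed in plaintext to a hardcoded C2) gives defenders two cheap egress signals: any traffic to the C2 address, and an IDE process POSTing an API-key-shaped value over plaintext HTTP to anywhere. The following detector is an added example, not code from the article or from Aikido; the log line format, the JetBrains process names and the "sk-" key prefix are assumptions, and the sample lines are constructed.

```python
import re
from dataclasses import dataclass

# C2 from the report, kept defanged in source and refanged only in memory.
C2_DEFANGED = "39.107.60[.]51"
C2 = C2_DEFANGED.replace("[.]", ".")

# Assumptions: OpenAI-style keys start with "sk-"; the process names below are
# typical JetBrains binaries. Both are illustrative, not from the article.
KEY_PATTERN = re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b")
IDE_PROCESSES = {"idea64.exe", "idea", "pycharm64.exe", "pycharm", "webstorm", "goland"}

# Constructed log format: "<ts> proc=<name> <METHOD> <url> body=<text>"
LINE = re.compile(r"^(?P<ts>\S+) proc=(?P<proc>\S+) (?P<method>[A-Z]+) (?P<url>\S+)"
                  r"(?: body=(?P<body>.*))?$")

@dataclass
class Finding:
    ts: str
    reason: str
    line: str

def analyze(line: str):
    """Return a Finding for one egress log line, or None if it looks benign."""
    m = LINE.match(line)
    if not m:
        return None
    proc, method, url, body = m["proc"], m["method"], m["url"], m["body"] or ""
    host = url.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0]
    if host == C2:
        return Finding(m["ts"], f"traffic to known C2 {C2_DEFANGED}", line)
    # Behaviour from the report: an IDE process POSTs the key over plaintext HTTP.
    if (url.startswith("http://") and method == "POST"
            and proc.lower() in IDE_PROCESSES and KEY_PATTERN.search(url + " " + body)):
        return Finding(m["ts"], "API-key-shaped value POSTed over plaintext HTTP by IDE", line)
    return None

def scan(lines):
    return [f for f in map(analyze, lines) if f]

# Constructed sample lines (not real traffic); 203.0.113.9 is a documentation address.
SAMPLE = [
    "2026-06-17T09:01:02Z proc=idea64.exe POST http://39.107.60.51/api/config body=apiKey=sk-constructedEXAMPLE1234567890abcdef",
    "2026-06-17T09:01:05Z proc=idea64.exe POST https://api.openai.com/v1/chat/completions body=model=...",
    "2026-06-17T09:02:11Z proc=chrome.exe GET http://example.com/index.html",
    "2026-06-17T09:03:44Z proc=pycharm64.exe POST http://203.0.113.9/upload body=key=sk-anotherCONSTRUCTEDvalue0000000000",
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f.ts, f.reason)
```

The second rule deliberately ignores the destination, so it still fires when a republished clone of the plugin points at a new server.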
The plugins also include a paid tier, which raises further concerns. After a user makes a payment, the plugin receives a new API key from the attacker-controlled server and uses that key instead of the user's original one.
Aikido suggests this may indicate a resale scheme, where stolen API keys from victims are redistributed to paying users. This allows attackers to monetize both stolen credentials and paid subscriptions while shifting operational costs to unsuspecting victims.
The campaign dates back to October 2025, with new malicious plugins continuing to appear as recently as June 2026.
Aikido noted that the actual impact may be higher than reported, as download counts can be manipulated and fake positive reviews were observed on plugin listings.
Integrated Development Environments (IDEs) are increasingly targeted in supply chain attacks because they hold highly sensitive data.
These include source code, credentials, signing keys, and now AI service API keys. Plugins typically run with high privileges and are trusted by developers, making them an ideal vector for stealthy attacks.
Even with JetBrains’ manual review process, small hidden malicious functions can evade detection.
Indicators of Compromise (IOCs)
C2 Server
39.107.60[.]51
Affected Plugins
DeepSeek Junit Test (org.sm.yms.toolkit) – 1,121 downloads
DeepSeek Git Commit (com.json.simple.kit) – 1,894 downloads
DeepSeek FindBugs (org.bug.find.tools) – 1,485 downloads
DeepSeek AI Chat (org.translate.ai.simple) – 1,317 downloads
DeepSeek Dev AI (com.yy.test.ai.simple) – 740 downloads
DeepSeek AI Coding (com.dev.ai.toolkit) – 450 downloads
AI FindBugs (com.json.view.simple) – 623 downloads
AI Git Commitor (com.my.git.ai.kit) – 301 downloads
AI Coder Review (org.check.ai.ds) – 735 downloads
DeepSeek Coder AI (com.review.tool.code) – 3,498 downloads
AI Coder Assistant (org.code.assist.dev.tool) – 319 downloads
DeepSeek Code Review (com.coder.ai.dpt) – 278 downloads
CodeGPT AI Assistant (com.my.code.tools) – 25,571 downloads
DeepSeek AI Assist (ord.cp.code.ai.kit) – 27,727 downloads
Coding Simple Tool (com.dp.git.ai.tool) – 3,931 downloads
Vendor Accounts
CodePilot (mycode)
StackSmith (misshewei)
CodeCrafter (keteme)
CodeWeaver (simpledev)
JetCode (skyblue)
DailyCode (dialycode)
ZenCoder (947cb4c8-5db1-4cf0-8182-0aae7c433bb3)
Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.
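One way to turn the plugin IDs and the defanged C2 above into a local check of an installed JetBrains plugins directory: each plugin jar carries its id in META-INF/plugin.xml, so the scanner reads that id, compares it with the IOC list, and additionally looks for the refanged C2 string inside jar entries so that a renamed clone still trips. This is an added example, not code from the article or from Aikido; the installed-plugin layout is an assumption and the sample jar is constructed in memory.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from pathlib import Path

# IOCs from the report above; the C2 stays defanged in source and is refanged only in memory.
C2_DEFANGED = "39.107.60[.]51"
MALICIOUS_PLUGIN_IDS = {
    "org.sm.yms.toolkit", "com.json.simple.kit", "org.bug.find.tools", "org.translate.ai.simple",
    "com.yy.test.ai.simple", "com.dev.ai.toolkit", "com.json.view.simple", "com.my.git.ai.kit",
    "org.check.ai.ds", "com.review.tool.code", "org.code.assist.dev.tool", "com.coder.ai.dpt",
    "com.my.code.tools", "ord.cp.code.ai.kit", "com.dp.git.ai.tool",
}

def refang(ioc):
    return ioc.replace("[.]", ".").replace("hxxp", "http")

def plugin_id(jar):
    # JetBrains plugins declare their id in META-INF/plugin.xml inside the plugin jar.
    try:
        root = ET.fromstring(jar.read("META-INF/plugin.xml"))
    except KeyError:
        return None  # library jars shipped alongside the plugin have no descriptor
    node = root.find("id")
    return node.text.strip() if node is not None and node.text else None

def scan_jar(data, name):
    findings = []
    needle = refang(C2_DEFANGED).encode()
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        pid = plugin_id(jar)
        if pid in MALICIOUS_PLUGIN_IDS:
            findings.append(f"{name}: plugin id {pid} is on the IOC list")
        for entry in jar.namelist():
            if needle in jar.read(entry):
                findings.append(f"{name}: {entry} embeds C2 address {C2_DEFANGED}")
                break
    return findings

def scan_plugins_dir(plugins_dir):
    # Assumed installed layout: <plugins_dir>/<PluginName>/lib/*.jar; every jar below it is checked.
    findings = []
    for jar_path in sorted(Path(plugins_dir).rglob("*.jar")):
        findings += scan_jar(jar_path.read_bytes(), str(jar_path.relative_to(plugins_dir)))
    return findings

def build_sample_jar(pid, class_bytes):
    # Constructed stand-in for a plugin jar so the scan runs offline; not a real plugin.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/plugin.xml", f"<idea-plugin><id>{pid}</id></idea-plugin>")
        jar.writestr("com/example/SettingsHandler.class", class_bytes)
    return buf.getvalue()
```

Point scan_plugins_dir at the IDE's plugins directory (for example the plugins folder under the JetBrains configuration directory of your OS) to list hits; an empty result only means none of the listed IDs or the known C2 string is present, not that other plugins are safe.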
Mitigations
Aikido recommends that developers immediately remove any affected plugins and revoke exposed API keys. It is critical to rotate credentials and monitor for unusual API usage or billing spikes.
Security experts recommend treating IDE plugins as high-risk dependencies. Avoid entering sensitive credentials into unverified tools and rely only on trusted publishers.
Organizations should also deploy endpoint monitoring solutions and software supply chain security tools to detect malicious packages early and prevent compromise.
This campaign highlights the growing risk of developer-focused attacks and the importance of vigilance when integrating third-party tools into development environments.