
Multiple JetBrains IDE Plugins 70,000+ Installs Caught Stealing AI keys

Source: Cybersecurity News (archived Jun 17, 2026)




By Abinaya, June 17, 2026

A large-scale malware campaign has been uncovered on the JetBrains Marketplace, where at least 15 malicious IDE plugins were found stealing sensitive API keys from developers. These plugins, downloaded over 70,000 times, were published under seven different vendor accounts and disguised as legitimate AI-powered coding assistants.

According to Aikido's research, the malicious plugins claimed to offer useful developer features such as AI chat, code generation, bug detection, commit message creation, and unit test writing. They appeared functional and delivered the promised features, making them difficult to detect. Behind the scenes, however, they were silently harvesting users' API keys.

JetBrains Plugins Caught Stealing AI Keys

Aikido researchers found that all identified plugins share a nearly identical codebase that has been slightly modified and republished under different names. To use these tools, developers must enter API keys for services such as OpenAI, DeepSeek, or SiliconFlow. Once the user enters the API key and clicks "Apply," the plugin immediately captures and exfiltrates the key without any warning or consent. The malicious logic is embedded in the plugin's settings handler, so the theft is instant and invisible to the user.

The stolen API keys are sent via an HTTP POST request to a hardcoded command-and-control (C2) server at 39.107.60[.]51. The communication occurs over plaintext HTTP, exposing the credentials to interception and misuse in transit as well.

The plugins also include a paid tier, which raises further concerns. After a user pays, the plugin receives a new API key from the attacker-controlled server and begins using it instead of the user's original key. Aikido suggests this may indicate a resale scheme in which API keys stolen from victims are redistributed to paying users. This lets the attackers monetize both the stolen credentials and the paid subscriptions while shifting the operational costs onto unsuspecting victims.

The campaign dates back to October 2025, with new malicious plugins continuing to appear as recently as June 2026. Aikido noted that the actual impact may be higher than reported, as download counts can be manipulated and fake positive reviews were observed on plugin listings.

Integrated Development Environments (IDEs) are increasingly targeted in supply chain attacks because they hold highly sensitive data: source code, credentials, signing keys, and now AI service API keys. Plugins typically run with high privileges and are trusted by developers, making them an ideal vector for stealthy attacks. Even with JetBrains' manual review process, small hidden malicious functions can evade detection.

Indicators of Compromise (IOCs)

C2 server: 39.107.60[.]51

Affected plugins (name, plugin id, downloads):
DeepSeek Junit Test (org.sm.yms.toolkit) – 1,121 downloads
DeepSeek Git Commit (com.json.simple.kit) – 1,894 downloads
DeepSeek FindBugs (org.bug.find.tools) – 1,485 downloads
DeepSeek AI Chat (org.translate.ai.simple) – 1,317 downloads
DeepSeek Dev AI (com.yy.test.ai.simple) – 740 downloads
DeepSeek AI Coding (com.dev.ai.toolkit) – 450 downloads
AI FindBugs (com.json.view.simple) – 623 downloads
AI Git Commitor (com.my.git.ai.kit) – 301 downloads
AI Coder Review (org.check.ai.ds) – 735 downloads
DeepSeek Coder AI (com.review.tool.code) – 3,498 downloads
AI Coder Assistant (org.code.assist.dev.tool) – 319 downloads
DeepSeek Code Review (com.coder.ai.dpt) – 278 downloads
CodeGPT AI Assistant (com.my.code.tools) – 25,571 downloads
DeepSeek AI Assist (ord.cp.code.ai.kit) – 27,727 downloads
Coding Simple Tool (com.dp.git.ai.tool) – 3,931 downloads

Vendor accounts:
CodePilot (mycode)
StackSmith (misshewei)
CodeCrafter (keteme)
CodeWeaver (simpledev)
JetCode (skyblue)
DailyCode (dialycode)
ZenCoder (947cb4c8-5db1-4cf0-8182-0aae7c433bb3)

Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.

Mitigations

Aikido recommends that developers immediately remove any affected plugins and revoke exposed API keys. It is critical to rotate credentials and monitor for unusual API usage or billing spikes. Security experts recommend treating IDE plugins as high-risk dependencies: avoid entering sensitive credentials into unverified tools and rely only on trusted publishers. Organizations should also deploy endpoint monitoring and software supply chain security tools to detect malicious packages early and prevent compromise.

This campaign highlights the growing risk of developer-focused attacks and the importance of vigilance when integrating third-party tools into development environments.
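As an added illustration of the IOC-driven check the mitigations call for (this is not code from the article or from Aikido): a Python scanner that walks an IDE plugins directory and flags any plugin jar whose META-INF/plugin.xml declares one of the listed plugin ids, or whose contents embed the C2 address as a plain string. The plugin ids and C2 address are the ones quoted above; the plugins directory path is an assumption supplied by the caller.

```python
import re
import zipfile
from pathlib import Path

# Plugin ids and C2 address are the Aikido IOCs quoted in the article above.
# The address stays defanged in source and is re-fanged only in memory for byte matching.
MALICIOUS_PLUGIN_IDS = {
    "org.sm.yms.toolkit", "com.json.simple.kit", "org.bug.find.tools",
    "org.translate.ai.simple", "com.yy.test.ai.simple", "com.dev.ai.toolkit",
    "com.json.view.simple", "com.my.git.ai.kit", "org.check.ai.ds",
    "com.review.tool.code", "org.code.assist.dev.tool", "com.coder.ai.dpt",
    "com.my.code.tools", "ord.cp.code.ai.kit", "com.dp.git.ai.tool",
}
C2_DEFANGED = "39.107.60[.]51"
C2_BYTES = C2_DEFANGED.replace("[.]", ".").encode()
# JetBrains plugins declare their id in META-INF/plugin.xml inside the plugin jar.
ID_RE = re.compile(rb"<id>\s*([^<\s]+)\s*</id>")

def plugin_id_from_jar(jar):
    """Return the <id> declared in META-INF/plugin.xml, or None if the jar has none."""
    try:
        xml = jar.read("META-INF/plugin.xml")
    except KeyError:
        return None
    m = ID_RE.search(xml)
    return m.group(1).decode(errors="replace") if m else None

def jar_contains_c2(jar):
    """True if any entry embeds the C2 address as a plain string (compiled .class files keep
    string literals as UTF-8 in the constant pool; an obfuscated build would evade this)."""
    return any(C2_BYTES in jar.read(info) for info in jar.infolist() if not info.is_dir())

def scan_plugins_dir(plugins_dir):
    """Walk an IDE plugins directory and report every jar matching either indicator."""
    findings = []
    for jar_path in sorted(Path(plugins_dir).rglob("*.jar")):
        try:
            with zipfile.ZipFile(jar_path) as jar:
                pid = plugin_id_from_jar(jar)
                hits = []
                if pid in MALICIOUS_PLUGIN_IDS:
                    hits.append("known-malicious plugin id")
                if jar_contains_c2(jar):
                    hits.append("embeds C2 address " + C2_DEFANGED)
        except zipfile.BadZipFile:
            continue  # not a real jar; nothing to inspect
        if hits:
            findings.append({"jar": str(jar_path), "plugin_id": pid, "indicators": hits})
    return findings
```

Point scan_plugins_dir at the IDE's plugins directory for each installed JetBrains product; a hit on the plugin id alone is sufficient reason to remove the plugin and rotate any key entered into it.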