Dispatch
15 Malicious JetBrains Marketplace Plugins Caught Stealing Developers' AI API Keys
JetBrains and multiple security firms disclosed on June 16 a campaign of 15 Marketplace plugins posing as AI coding assistants for OpenAI, DeepSeek, and SiliconFlow that exfiltrated developer-entered API keys in plaintext over unencrypted HTTP. Published under seven vendor accounts since October 2025, the plugins reached ~70,000 installs, led by DeepSeek AI Assist (27,727) and CodeGPT AI Assistant (25,571). JetBrains purged all 15, terminated the accounts, and remotely disabled the extensions; anyone who installed them should rotate every AI provider key.
↳ Follow the thread