AICRIER_2
OPEN FEED
YOU ARE VIEWING ONE ITEM FROM THE AICRIER FEED

Malicious JetBrains plugins exfiltrate AI API keys

AICrier tracks AI developer news across Product Hunt, GitHub, Hacker News, YouTube, X, arXiv, and more. This page keeps the article you opened front and center while giving you a path into the live feed.

EXPLORE LATEST FEEDSEE FEATURED PICKS

// WHAT AICRIER DOES

7+

TRACKED FEEDS

24/7

SCRAPED FEED

Short summaries, external links, screenshots, relevance scoring, tags, and featured picks for AI builders.

Malicious JetBrains plugins exfiltrate AI API keys
OPEN LINK ↗
// 1h agoSECURITY INCIDENT

Malicious JetBrains plugins exfiltrate AI API keys

ANNOUNCEMENTPRODUCTX

Aikido Security discovered a coordinated malware campaign where at least 15 JetBrains IDE plugins masquerading as legitimate AI coding assistants were secretly exfiltrating users' AI API keys. The plugins, installed nearly 70,000 times across seven developer accounts since October 2025, send keys for providers like OpenAI, DeepSeek, and SiliconFlow to attacker-controlled servers immediately upon configuration, where they are believed to be resold.

// ANALYSIS

This attack represents a highly targeted shift in developer supply-chain threats, exploiting the hype around AI tools to harvest high-value credentials.

  • **Low-friction monetization**: Reselling stolen API keys provides attackers with direct, immediate financial returns compared to traditional data theft.
  • **Marketplace security gaps**: Extension marketplaces remain a soft target for malware distribution, requiring vetting mechanisms before plugins are allowed to request keys.
  • **Developer oversight**: Developers need to audit their workspace extensions and use scoped or budget-limited API keys to minimize potential exposure.
// TAGS
securityjetbrains-marketplacejetbrainspluginsapi-keysmalwareai-coding-assistantssupply-chain

DISCOVERED

1h ago

2026-06-16

PUBLISHED

1h ago

2026-06-16

RELEVANCE

8/ 10

AUTHOR

AikidoSecurity