Malicious JetBrains Plugins Steal AI API Keys in Large-Scale Campaign Security researchers at Aikido Security uncovered a coordinated malware campaign targeting developers via the JetBrains Marketplace, where at least 15 malicious plugins were designed to steal AI API keys from users. The plugins, disguised as legitimate AI coding assistants, code-review tools, and Git utilities, exploited integrations with services like OpenAI, DeepSeek, and SiliconFlow to harvest credentials. First published in October 2025, the plugins continued to appear as recently as June 10, 2026, with nearly 70,000 cumulative downloads. While functioning as advertised, they secretly transmitted API keys to a hardcoded server (39.107.60[.]51) via HTTP when users saved their credentials. All 15 plugins shared near-identical malicious code, despite being listed under seven different vendor accounts. Notably, the plugins offered a paid tier after users paid a small fee, the server provided an API key for model calls, replacing the user’s own credentials. Aikido Security noted this behavior was unusual, as legitimate operators would not distribute unrestricted paid API keys. The most downloaded plugins DeepSeek AI Assist (27,727 downloads) and CodeGPT AI Assistant (25,571 downloads) remained available on the Marketplace at the time of reporting. However, researchers cautioned that download counts could be inflated. BleepingComputer independently verified the credential-theft code in the DeepSeek AI Assist plugin. While malicious packages are common on platforms like npm and PyPI, such campaigns are rare on the JetBrains Marketplace. JetBrains had not responded to inquiries at the time of publication. The full list of compromised plugins includes tools like DeepSeek Git Commit, AI Coder Review, and Coding Simple Tool.