What happened
Aikido Security discovered at least 15 malicious plugins on the JetBrains Marketplace designed to steal AI API keys from developers. The campaign targets popular AI services (OpenAI, DeepSeek, SiliconFlow). After a developer pays a small fee via the plugin's donation wall, the plugin receives a working, unrestricted API key from the attacker's server and uses that key for model calls instead of the developer's own key.
Why it matters
JetBrains IDEs are trusted development environments where developers configure AI coding assistants. Stolen API keys give attackers direct access to premium AI model APIs (GPT-5, Claude, etc.) and allow exfiltration of proprietary code sent to models for analysis. The attacker gains insight into the developer's codebase, project structure, and AI usage patterns.
Attack vector
A developer installs a malicious JetBrains plugin from the Marketplace. After the user enters their AI provider API key (OpenAI, DeepSeek, SiliconFlow) in the plugin settings, the plugin exfiltrates the key to an attacker-controlled server and returns a free, unrestricted key tied to the attacker's account, allowing the attackers to use the victim's paid API quota.
Affected systems
JetBrains Marketplace plugins acting as AI assistants, code reviewers, or Git utilities (at least 15 plugins, including DeepSeek AI Assist, OpenAI integrations, and SiliconFlow tools).
Mitigation
Remove the malicious plugins from the JetBrains Marketplace and from affected IDEs; audit JetBrains IDE plugin settings for suspicious AI integrations; rotate any API keys that were entered into those plugins.
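The two audit steps above (find AI-integration plugins from unvetted vendors, and find provider keys stored in plugin settings so they can be rotated) can be scripted. The following is an added example written for this summary; it is not code from Aikido Security or JetBrains. It assumes the standard JetBrains plugin descriptor layout (META-INF/plugin.xml inside the plugin's lib/*.jar, with id, name, vendor and description elements) and the usual serialized settings shape (component/option elements with name and value attributes). The keyword list, trusted-vendor allowlist, key pattern (OpenAI-style "sk-" prefix), plugin ids and the sample XML are all constructed for the demonstration and should be adapted locally.

```python
"""Audit helper (added example, not from Aikido or JetBrains).

Two checks a defender wants after this kind of campaign:
  1. inventory plugins whose descriptor reads like an AI/model integration but
     whose vendor is not on a local allowlist;
  2. scan IDE settings XML for values that look like provider API keys, so the
     owner knows exactly which keys to rotate.
Everything below runs on constructed sample data; scan_plugin_dir() shows how to
point the same checks at a real plugins directory.
"""
from __future__ import annotations

import re
import xml.etree.ElementTree as ET
import zipfile
from dataclasses import dataclass
from pathlib import Path

# Keywords suggesting an AI-provider integration (constructed; "ai" alone is too noisy).
AI_KEYWORDS = ("openai", "deepseek", "siliconflow", "gpt", "llm", "chatgpt", "ai assist")
# Vendors the organisation has vetted (constructed allowlist; adapt locally).
TRUSTED_VENDORS = {"JetBrains"}
# Heuristic for provider secrets: 'sk-' prefixed keys of at least 20 further characters.
API_KEY_RE = re.compile(r"\bsk-[A-Za-z0-9_\-]{20,}\b")


@dataclass(frozen=True)
class PluginInfo:
    plugin_id: str
    name: str
    vendor: str
    description: str


def parse_plugin_xml(xml_text: str) -> PluginInfo:
    """Parse a META-INF/plugin.xml descriptor (<idea-plugin> with <id>, <name>, <vendor>, <description>)."""
    root = ET.fromstring(xml_text)

    def text(tag: str) -> str:
        el = root.find(tag)
        return (el.text or "").strip() if el is not None else ""

    return PluginInfo(text("id"), text("name"), text("vendor"), text("description"))


def is_suspicious(p: PluginInfo) -> bool:
    """Flag AI-looking plugins that do not come from an allowlisted vendor."""
    blob = f"{p.plugin_id} {p.name} {p.description}".lower()
    mentions_ai = any(k in blob for k in AI_KEYWORDS)
    return mentions_ai and p.vendor not in TRUSTED_VENDORS


def audit_plugins(descriptors: dict[str, str]) -> list[str]:
    """Return the ids of suspicious plugins, given {plugin dir name: plugin.xml text}."""
    return [p.plugin_id for p in map(parse_plugin_xml, descriptors.values()) if is_suspicious(p)]


def find_stored_keys(settings_xml: str) -> list[tuple[str, str]]:
    """Return (option name, redacted value) for settings values that look like API keys."""
    hits = []
    for opt in ET.fromstring(settings_xml).iter("option"):
        value = opt.get("value", "")
        if API_KEY_RE.search(value):
            hits.append((opt.get("name", "?"), value[:6] + "..." + value[-4:]))
    return hits


def scan_plugin_dir(plugins_dir: Path) -> list[str]:
    """Real-world entry point (not exercised on sample data): read META-INF/plugin.xml
    out of every lib/*.jar under a JetBrains plugins directory (assumed layout)."""
    descriptors: dict[str, str] = {}
    for jar in plugins_dir.glob("*/lib/*.jar"):
        with zipfile.ZipFile(jar) as zf:
            if "META-INF/plugin.xml" in zf.namelist():
                descriptors[jar.parent.parent.name] = zf.read("META-INF/plugin.xml").decode("utf-8", "replace")
    return audit_plugins(descriptors)


# Constructed sample data: one AI plugin from an unknown vendor, one Git helper, one vendor-trusted plugin.
SAMPLE_PLUGINS = {
    "deepseek-assist": "<idea-plugin><id>com.example.deepseek.assist</id><name>DeepSeek AI Assist</name>"
                       "<vendor>unknown-dev</vendor><description>Chat with DeepSeek models in the IDE</description></idea-plugin>",
    "git-tools": "<idea-plugin><id>com.example.git.tools</id><name>Git Tools</name>"
                 "<vendor>unknown-dev</vendor><description>Branch and stash helpers</description></idea-plugin>",
    "vendor-ai": "<idea-plugin><id>com.example.vendor.ai</id><name>Vendor LLM Companion</name>"
                 "<vendor>JetBrains</vendor><description>Model-backed completion</description></idea-plugin>",
}
SAMPLE_SETTINGS = (
    '<application><component name="DeepSeekAssistSettings">'
    '<option name="apiKey" value="sk-CONSTRUCTED0123456789abcdefXYZ"/>'
    '<option name="model" value="deepseek-chat"/>'
    "</component></application>"
)

if __name__ == "__main__":
    print("suspicious plugins:", audit_plugins(SAMPLE_PLUGINS))
    print("keys to rotate:", find_stored_keys(SAMPLE_SETTINGS))
```

On real hosts, point scan_plugin_dir() at the IDE's plugins directory and run find_stored_keys() over each options/*.xml file under the IDE configuration directory; any key reported there that was ever entered into a flagged plugin should be treated as compromised and rotated at the provider, regardless of whether the plugin has since been removed.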