The Hacker News

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Cybersecurity researchers identified a coordinated malware campaign on the JetBrains Marketplace, involving at least 15 malicious plugins designed to steal artificial intelligence (AI) provider API keys. These plugins masquerade as AI coding assistants, leveraging models like DeepSeek to offer features such as chat, commit message generation, code review, bug finding, and unit tests. The campaign also includes malicious Chrome extensions that capture chatbot conversations, potentially exfiltrating sensitive data and user credentials. The researchers noted that the plugins were active for several months before detection, with some having garnered over 1,000 downloads. The attackers appear to be targeting developers by embedding malicious code within seemingly useful tools, aiming to gain unauthorized access to AI services and user data. This incident highlights the growing threat of supply chain attacks within the software development ecosystem, where compromised third-party tools can lead to widespread security breaches.
