logo

15 Malicious JetBrains Plugins Caught Stealing DeepSeek, OpenAI API Keys

ID: d8540204-0e0a-5725-8b11-025a5017489f

STIX ID: report--d8540204-0e0a-5725-8b11-025a5017489f

Feed Name: HackRead

Threat Score
75/100

Date Published: 2026-06-17

Date Updated: 2026-06-17

Author: Deeba Ahmed

...
...

Attackers published fake AI-assistant plugins on the JetBrains Marketplace that appear functional but hook into IDE save actions to capture and transmit developers' OpenAI/SiliconFlow/DeepSeek API keys in plaintext over unencrypted HTTP to attacker-controlled servers; roughly 15 malicious plugins across seven seller accounts were downloaded nearly 70,000 times and included a paid tier that appears to resell stolen keys.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.