15 Malicious JetBrains Plugins Caught Stealing DeepSeek, OpenAI API Keys
ID: d8540204-0e0a-5725-8b11-025a5017489f
STIX ID: report--d8540204-0e0a-5725-8b11-025a5017489f
Feed Name: HackRead
Threat Score
Attackers published fake AI-assistant plugins on the JetBrains Marketplace that appear functional but hook into IDE save actions to capture and transmit developers' OpenAI/SiliconFlow/DeepSeek API keys in plaintext over unencrypted HTTP to attacker-controlled servers; roughly 15 malicious plugins across seven seller accounts were downloaded nearly 70,000 times and included a paid tier that appears to resell stolen keys.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
