15 Malicious JetBrains Plugins Caught Stealing DeepSeek, OpenAI API Keys
Cybercriminals are using fake artificial intelligence (AI) tools to target software developers in a coordinated supply chain attack on the JetBrains Marketplace. The compromise was first discovered by the code security firm Aikido Security, which found 15 published plugins designed as AI coding assistants built on large language models (LLMs) like DeepSeek.
The first fake plugins came out at the end of October 2025, and new ones dropped as recently as June 2026. Scammers used seven different seller accounts to publish them. Collectively, people downloaded these malicious plugins nearly 70,000 times. Some of the most downloaded plugins are called CodeGPT AI Assistant and DeepSeek AI Assist. The hackers also added fake five-star reviews to make the tools look safe.
Like similar campaigns, this one's modus operandi involves getting the extensions installed and then exfiltrating the user's private AI authentication credentials to a static, hard-coded server controlled by the attackers.
The Infiltration Method
...
Copyright of this story solely belongs to hackread.com.