BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Malicious JetBrains Plugins Steal AI Keys

Malicious plugins and extensions steal AI API keys and user conversations targeting developers.

  • Fifteen malicious plugins on the JetBrains Marketplace have been stealing AI provider API keys in a campaign active since October 2025.
  • Two of the fraudulent plugins, CodeGPT AI Assistant and DeepSeek AI Assist, have been downloaded over 25,000 times each, according to Aikido Security.
  • Separately, two Chrome ad blocker extensions with over 100,000 combined users have been covertly stealing user conversations with major AI chatbots.
  • The operations highlight a growing trend of threat actors targeting developers and users to steal valuable AI credentials and data.

Cybersecurity researchers have uncovered a coordinated malware campaign on the JetBrains Marketplace involving fifteen malicious plugins designed to steal AI provider keys. This ongoing threat, which began in late 2025, has successfully targeted developers through seemingly functional AI coding assistants.

- Advertisement -

Aikido Security researcher Ilyas Makari detailed that the plugins, posing as tools from DeepSeek and others, covertly exfiltrate user-entered API keys. The stolen keys are sent to a remote attacker-controlled server in plaintext, “while the genuine key owners pay the bill.”

Consequently, the campaign may operate as an illicit monetization scheme where stolen keys are shared. This activity exemplifies how threat actors are increasingly targeting developer environments for valuable secrets.

Meanwhile, a separate operation codenamed PromptSnatcher has been stealing AI chatbot conversations via malicious Chrome extensions. Two ad blocker extensions with a combined 100,000 users have been intercepting private chats from platforms like ChatGPT and Gemini.

These Prompt Poaching attacks capture full conversation histories and model usage data without clear user consent. The discovery underscores the expanding threat landscape targeting AI services and their users directly.

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Chinese APT UAT-7810 Refines Malware for ORB Network

Chinese APT group UAT-7810 is expanding its LapDogs ORB network by compromising networking devices...

Musk’s Fortune Drops Below $1 Trillion After SpaceX Stock Plunge

Elon Musk is no longer a trillionaire after SpaceX stock (NASDAQ: SPCX) plunged to...

Anthropic removes hidden trackers from Claude Code after discovery

Anthropic removed hidden tracking markers from Claude Code after researchers discovered code used to...

Enlivex stock hits $0.42 low; all retail investors lose

Every retail investor who ever bought Nasdaq-listed Enlivex shares has lost money as the...

Kraken parent wins $22M arbitration award against ex-auditor Mazars

Payward, parent of crypto exchange Kraken, won a $22 million arbitration award against former...

Must Read

17 Best Audiobooks On Blockchain Technology For Beginners

If you're looking to dive into the world of blockchain technology, you're in for a treat. The field is rapidly evolving and the potential...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading