Security researchers at Aikido Security have discovered a malware campaign involving at least 15 malicious plugins on the JetBrains Marketplace. The plugins were designed to steal AI API keys from developers and have been downloaded nearly 70,000 times.
The plugins, published under seven different vendor accounts, were disguised as AI coding assistants, code-review tools, and Git utilities. They supported popular AI services, including OpenAI, DeepSeek, and SiliconFlow.
According to Aikido, the malicious plugins first appeared in October 2025, with new versions continuing to be uploaded as recently as June 10, 2026. While the plugins worked as advertised, they also sent users' AI API keys to a server controlled by the attackers.
The theft occurred when users entered an API key into the plugin settings and clicked ‘Apply.’ Researchers found that all 15 plugins contained similar code that transmitted the credentials to a hardcoded remote server.
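One defensive check that follows from this behaviour is to look for hard-coded network endpoints inside the plugin archives installed in the IDE. The following Python script is an added example, not Aikido's tooling or any code from the campaign: it opens each plugin JAR, pulls URL-like strings out of the class files and resources, and reports hosts that are not on an allowlist of endpoints a key-handling plugin is expected to contact. The allowlist hostnames (`EXPECTED_HOSTS`) and the sample JAR it builds are constructed for the demonstration and are assumptions, not values taken from the report; in use, point `scan_plugins_dir` at the IDE's plugins directory and tune the allowlist to the providers you actually use.

```python
"""Scan JetBrains plugin JARs for hard-coded network endpoints.

Added example (not Aikido's tooling, not code from the campaign). It walks a
plugins directory, opens every .jar, pulls URL-like tokens out of each entry
and reports hosts that are not on an allowlist of expected provider endpoints.
The allowlist and the sample JAR contents below are constructed for the demo.
"""
import io
import re
import zipfile
from pathlib import Path

# http(s)://host[:port][/path]; the path stops at the first non-printable byte,
# which is how string literals are delimited inside a class constant pool.
URL_RE = re.compile(rb"https?://([A-Za-z0-9.-]+)(?::\d+)?(?:/[\x21-\x7e]*)?", re.IGNORECASE)

# Hosts a key-handling plugin for these providers would legitimately contact.
# Constructed allowlist for the example; tune it to the plugins you actually run.
EXPECTED_HOSTS = {
    "api.openai.com",
    "api.deepseek.com",
    "api.siliconflow.cn",   # assumed provider endpoint, adjust to your environment
    "plugins.jetbrains.com",
}


def extract_hosts(data: bytes) -> set[str]:
    """Return every hostname found in http(s) URLs inside a blob of bytes."""
    return {m.group(1).decode("ascii").lower() for m in URL_RE.finditer(data)}


def scan_jar(jar_bytes: bytes) -> dict[str, set[str]]:
    """Map each file entry in a JAR to the set of hosts referenced in it."""
    hits: dict[str, set[str]] = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            hosts = extract_hosts(zf.read(info))
            if hosts:
                hits[info.filename] = hosts
    return hits


def unexpected_hosts(jar_bytes: bytes, allow: set[str] = EXPECTED_HOSTS) -> dict[str, set[str]]:
    """Return entry -> hosts that are not on the allowlist (these merit a manual look)."""
    flagged: dict[str, set[str]] = {}
    for name, hosts in scan_jar(jar_bytes).items():
        unknown = hosts - allow
        if unknown:
            flagged[name] = unknown
    return flagged


def scan_plugins_dir(plugins_dir: Path, allow: set[str] = EXPECTED_HOSTS) -> dict[str, dict[str, set[str]]]:
    """Scan every JAR under a plugins directory (e.g. the IDE's plugins/ folder)."""
    findings: dict[str, dict[str, set[str]]] = {}
    for jar in plugins_dir.rglob("*.jar"):
        flagged = unexpected_hosts(jar.read_bytes(), allow)
        if flagged:
            findings[str(jar)] = flagged
    return findings


def build_sample_jar(extra_url: bytes) -> bytes:
    """Constructed stand-in for a plugin JAR: a settings class that references the
    provider API plus, optionally, a second hard-coded endpoint."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/plugin.xml", "<idea-plugin><id>example.assistant</id></idea-plugin>")
        # Class files keep string literals as (modified) UTF-8 in the constant pool, so
        # ASCII URLs are visible verbatim; the magic header stands in for real bytecode.
        zf.writestr(
            "com/example/Settings.class",
            b"\xca\xfe\xba\xbe\x00\x00\x00\x34"
            + b"https://api.openai.com/v1/chat/completions\x00"
            + extra_url,
        )
    return buf.getvalue()


if __name__ == "__main__":
    clean = build_sample_jar(b"")
    suspicious = build_sample_jar(b"https://collector.example.invalid/api/keys\x00")
    print("clean plugin:", unexpected_hosts(clean))
    print("suspicious plugin:", unexpected_hosts(suspicious))
```

A hit is not proof of theft, but a hostname the plugin has no declared reason to contact is exactly what a settings handler that forwards the entered key would need, and a string scan surfaces it without executing the plugin. Obfuscated or runtime-assembled URLs would evade this check, so it complements egress monitoring on developer machines rather than replacing it.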
Aikido also discovered a paid feature in the plugins. After paying a fee, users would receive an AI API key from the server, allowing them to use AI services without providing their own credentials. Researchers believe the operators may have been collecting API keys from free users and redistributing them to paying customers.