ctipilot.ch

15 malicious JetBrains Marketplace plugins exfiltrate AI provider API keys on "Apply"

From CTI Daily Brief — 2026-06-18 · published 2026-06-18

Aikido Security documented a coordinated campaign of at least 15 IDE plugins published under seven vendor accounts on the JetBrains Marketplace between October 2025 and June 2026, posing as AI coding assistants (built on DeepSeek, OpenAI, SiliconFlow) with roughly 70,000 combined installs (Aikido Security, 2026-06-16). The plugins function as advertised but hook the plugin settings-save handler so that the moment a user enters an AI provider API key and clicks Apply, the credential is exfiltrated to an attacker-controlled server; stolen keys are then resold as discounted "paid-tier" access while the legitimate owner pays the bill (Infosecurity Magazine, 2026-06-17). The two largest plugins (CodeGPT AI Assistant, DeepSeek AI Assist) account for most of the ~70,000 installs. Maps to T1195.001 and T1552.001 (credentials in IDE storage). Defenders should not assume the plugins have been removed from the Marketplace — inventory JetBrains plugin installs across developer fleets, rotate any AI provider keys entered into an AI-assistant plugin since October 2025, and move to IDE plugin allowlisting where possible.
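One way to start the plugin inventory recommended above, as an added example that is not from Aikido or the brief: it reads `META-INF/plugin.xml` from each jar in an IDE's plugins directory (passed as an argument), lists name matches for the two plugins the brief names, and lists any other plugin id missing from an allowlist. The allowlist entry, the `com.example.*` ids and the sample jars are constructed placeholders.

```python
import sys, tempfile, zipfile
import xml.etree.ElementTree as ET
from pathlib import Path

# The two plugin names the brief gives. A name match is a lead to review, not a verdict.
NAMED_IN_BRIEF = {"codegpt ai assistant", "deepseek ai assist"}
MAX_DESCRIPTOR = 1 << 20  # skip oversized plugin.xml entries in untrusted jars

def read_descriptor(jar):
    """Return id/name/version/vendor from META-INF/plugin.xml, or None if the jar has none."""
    try:
        with zipfile.ZipFile(jar) as zf:
            if zf.getinfo("META-INF/plugin.xml").file_size > MAX_DESCRIPTOR:
                return None
            root = ET.fromstring(zf.read("META-INF/plugin.xml"))
    except (KeyError, zipfile.BadZipFile, ET.ParseError, OSError):
        return None
    field = lambda tag: (root.findtext(tag) or "").strip()
    return {"id": field("id") or field("name"), "name": field("name"),
            "version": field("version"), "vendor": field("vendor"), "jar": str(jar)}

def inventory(plugins_dir):
    """Installed plugins sit at <plugins>/<x>.jar or <plugins>/<x>/lib/*.jar."""
    root = Path(plugins_dir)
    jars = sorted(root.glob("*.jar")) + sorted(root.glob("*/lib/*.jar"))
    return [d for d in map(read_descriptor, jars) if d]

def triage(plugins, allowlist):
    """Return (name matches from the brief, other plugins whose id is not allowlisted)."""
    named = [p for p in plugins if p["name"].lower() in NAMED_IN_BRIEF]
    other = [p for p in plugins if p not in named and p["id"] not in allowlist]
    return named, other

def build_constructed_sample(plugins_dir):
    """Constructed test data: three fake plugin jars with made-up ids."""
    for rel, pid, name in [("a/lib/a.jar", "com.example.assist", "DeepSeek AI Assist"),
                           ("b.jar", "com.example.linter", "Example Linter"),
                           ("c/lib/c.jar", "com.example.notes", "Example Notes")]:
        jar = Path(plugins_dir, rel)
        jar.parent.mkdir(parents=True, exist_ok=True)
        with zipfile.ZipFile(jar, "w") as zf:
            zf.writestr("META-INF/plugin.xml", f"<idea-plugin><id>{pid}</id>"
                        f"<name>{name}</name><version>1.0</version></idea-plugin>")
    return plugins_dir

if __name__ == "__main__":  # no argument: run on constructed data in a temp dir
    target = sys.argv[1] if len(sys.argv) > 1 else build_constructed_sample(tempfile.mkdtemp())
    named, other = triage(inventory(target), allowlist={"com.example.linter"})
    for label, p in [("NAMED IN BRIEF", p) for p in named] + [("NOT ALLOWLISTED", p) for p in other]:
        print(f"{label}: {p['name']} ({p['id']}) {p['version']} {p['jar']}")
```

A name match only narrows the review; key rotation for anything entered into an AI-assistant plugin since October 2025 applies regardless of what the scan finds.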