Key takeaway: At least 15 compromised JetBrains plugins impersonate AI coding assistants and exfiltrate API keys from AI providers such as DeepSeek.
Security researchers have uncovered a coordinated malware campaign on the JetBrains Marketplace that has published at least 15 malicious plugins. These extensions masquerade as AI coding assistants while stealing access keys from AI providers.
Cybersecurity researchers have identified a coordinated malware campaign on the JetBrains Marketplace. Attackers have published at least 15 malicious plugins specifically designed to exfiltrate authentication keys from AI providers.
The compromised plugins present themselves as AI coding assistants based on language models such as DeepSeek. They claim to provide features such as chat interfaces, automatic commit messages, code review, error detection, and unit test generation. For CISOs, this represents a critical risk: developers install such tools expecting to boost their productivity, but in doing so grant access to stored API keys and environment variables in their development environment.
The coordination of multiple malicious plugins points to an organized campaign deliberately infiltrating the JetBrains community. This underscores the need for measures such as marketplace audits, plugin signature verification, and regular security reviews of development environments.
Source: thehackernews.com · Published 17 June 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.7.1.