Malicious JetBrains Marketplace Plugins Steal AI API Keys From Developers

BleepingComputer, Jun 16, 2026

Why It Matters

Stealing AI API keys gives attackers free access to costly generative‑AI services, exposing developers to financial loss and data leakage. The incident highlights a critical gap in marketplace security oversight for developer tools.

Key Takeaways

  • 15 JetBrains Marketplace plugins exfiltrate AI API keys to an attacker-controlled server.
  • Plugins installed ~70,000 times, two with >25k downloads each.
  • Theft occurs when users click Apply, sending keys over HTTP.
  • Malicious code persists despite removal attempts; JetBrains unresponsive.
  • Paid tier distributes harvested API keys to paying users.

Pulse Analysis

The JetBrains Marketplace, a primary distribution channel for IDE extensions, has seen a surge in AI‑powered plugins as developers integrate large language models into their workflow. While these tools promise productivity gains, the recent discovery by Aikido Security reveals how the marketplace can become a vector for credential theft. By embedding covert HTTP calls that capture API keys the moment a user clicks "Apply," the malicious plugins exploit a trust relationship between the IDE and its extensions, turning a convenience feature into a data exfiltration channel.

The campaign targets API keys for services such as OpenAI, DeepSeek, and SiliconFlow—credentials that often carry per‑token pricing and can quickly accrue significant costs. Once harvested, the keys are sent to a remote server, enabling attackers to run unlimited model queries at the victim's expense. Some plugins even offer a paid tier that redistributes these stolen keys to paying users, effectively monetizing the breach. For enterprises and freelance developers alike, the financial implications are twofold: direct charges from unauthorized AI usage and indirect risks of exposing proprietary code or confidential prompts.

This incident underscores the need for stricter vetting processes within plugin marketplaces and heightened awareness among developers. Organizations should enforce policies that limit the storage of sensitive credentials within IDE extensions and monitor outbound traffic for anomalous HTTP requests. JetBrains, as the platform steward, must implement automated scans for credential‑stealing patterns and provide rapid takedown mechanisms. Until such safeguards are standard, developers should scrutinize plugin provenance, favor open‑source alternatives, and consider using isolated API key vaults to mitigate exposure.
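The egress-monitoring recommendation above can be made concrete with a small scan over proxy logs. The following is an added example, not code from the article, Aikido Security or JetBrains: it assumes a constructed log format (timestamp, method, URL, request body per line), an assumed allowlist of hosts that may legitimately receive a provider key, and the well-known "sk-" prefix of OpenAI- and DeepSeek-style keys. The destination addresses in the sample log are placeholders, not real exfiltration endpoints. It flags any request that carries a key-shaped token either over plaintext HTTP or to a host outside the allowlist, which covers the behaviour the article describes (keys posted over HTTP to a third-party server) as well as the case where an exfiltration endpoint happens to use TLS.

```python
"""Flag IDE egress that looks like API-key exfiltration (added example)."""
import re
from urllib.parse import urlsplit

# Key-shaped strings. OpenAI- and DeepSeek-style keys start with "sk-"; the
# second pattern catches other long opaque tokens sent as key/token fields.
KEY_PATTERNS = [
    re.compile(r"sk-[A-Za-z0-9_-]{20,}"),
    re.compile(r"(?:api[_-]?key|token)=([A-Za-z0-9_-]{24,})", re.IGNORECASE),
]

# Hosts that may legitimately receive a provider key. This allowlist is an
# assumption for the example; a real deployment derives it from its own inventory.
ALLOWED_KEY_DESTINATIONS = {"api.openai.com", "api.deepseek.com"}

# Constructed sample proxy log: "<timestamp> <method> <url> <body>", body "-" if empty.
# 203.0.113.10 and the .invalid host are placeholders, not real attacker infrastructure.
SAMPLE_LOG = """\
2026-06-16T10:00:01Z POST https://api.openai.com/v1/chat/completions Authorization=Bearer sk-EXAMPLEkeyAAAAAAAAAAAAAAAAAAAAAA
2026-06-16T10:00:05Z GET https://plugins.jetbrains.com/api/plugins/12345 -
2026-06-16T10:00:09Z POST http://203.0.113.10/collect api_key=sk-EXAMPLEkeyAAAAAAAAAAAAAAAAAAAAAA&provider=openai
2026-06-16T10:00:12Z POST https://example-plugin-telemetry.invalid/ingest token=AbCdEfGhIjKlMnOpQrStUvWxYz0123456789
2026-06-16T10:00:15Z GET http://example.com/changelog.txt -
"""


def extract_keys(text: str) -> list[str]:
    """Return the distinct key-shaped tokens found in text, sorted."""
    found = set()
    for pattern in KEY_PATTERNS:
        # findall returns the whole match when the pattern has no group,
        # and the captured group when it has one.
        found.update(pattern.findall(text))
    return sorted(found)


def parse_line(line: str) -> dict:
    """Split one constructed log line into its four fields."""
    ts, method, url, body = line.split(" ", 3)
    return {"ts": ts, "method": method, "url": url, "body": "" if body == "-" else body}


def assess(record: dict) -> list[str]:
    """Return the reasons a request is suspicious (empty list if it is not)."""
    parts = urlsplit(record["url"])
    keys = extract_keys(record["url"] + " " + record["body"])
    reasons = []
    if keys and parts.scheme == "http":
        reasons.append("plaintext_http")  # credential visible on the wire
    if keys and parts.hostname not in ALLOWED_KEY_DESTINATIONS:
        reasons.append("unexpected_destination")  # key leaving for an unknown host
    return reasons


def scan(log_text: str) -> list[dict]:
    """Scan a whole log and return one finding per suspicious request."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        reasons = assess(record)
        if reasons:
            findings.append({
                "ts": record["ts"],
                "host": urlsplit(record["url"]).hostname,
                "keys": extract_keys(record["url"] + " " + record["body"]),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["ts"], finding["host"], ", ".join(finding["reasons"]))
```

Run against the sample log, the scan reports two requests: the plaintext POST to the placeholder IP (both reasons) and the TLS POST to the unlisted telemetry host (unexpected destination only); the legitimate call to the provider's own API and the key-free requests produce no finding. Tuning the allowlist and the token patterns to the providers actually in use is what keeps the false-positive rate workable.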
