At least 15 malicious plugins designed to steal AI API keys from developers have been discovered on the JetBrains Marketplace, according to Aikido Security. The troubling findings were reported on June 11, 2026, amid growing concerns about software security vulnerabilities.
What happened
Aikido Security uncovered a coordinated malware campaign involving at least 15 plugins, which posed as AI coding assistants, code-review tools, and Git utilities. These plugins leveraged popular AI services such as OpenAI and DeepSeek. “We detected a coordinated malware campaign on the JetBrains Marketplace,” warned Aikido.
Users entered their AI provider API keys into these plugins' settings, unaware of what would happen next. As soon as a key was saved by clicking "Apply", the plugin sent the credential to a hardcoded server at 39.107.60[.]51; the exfiltration endpoint was hxxp://39.107.60[.]51/api/software/key.
The report adds, “Each one exfiltrates the AI provider API key that you stored into its settings, and together they have been installed close to 70,000 times.”
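The exfiltration described above works because the plugin carries its collection endpoint as a plain string constant. The following scanner, added here as an example and not tooling from Aikido or JetBrains, walks an IDE plugins directory, opens every .jar/.zip it finds, and byte-searches each archive member for the indicators quoted in the report (kept defanged in source and refanged only at scan time). The two sample plugin folders it builds in make_sample_plugins() are constructed fixtures, not real marketplace plugins.

```python
"""Scan JetBrains plugin archives for the hardcoded exfiltration indicators
quoted in the report. Example code, not a vendor tool."""
import tempfile
import zipfile
from pathlib import Path

# Indicators from the report, stored defanged so the source itself never
# contains a live URL; refang() restores the form that appears inside a plugin.
DEFANGED_INDICATORS = [
    "39.107.60[.]51",
    "hxxp://39.107.60[.]51/api/software/key",
]


def refang(ioc: str) -> str:
    """Turn a defanged indicator back into the literal an archive would contain."""
    return ioc.replace("[.]", ".").replace("hxxp://", "http://")


def scan_archive(archive_path: Path, indicators=DEFANGED_INDICATORS) -> list:
    """Return one hit per (member, indicator) pair found in the archive.

    Compiled Java classes keep string literals as UTF-8 in the constant pool,
    so a plain byte search finds an unobfuscated hardcoded URL or IP.
    """
    needles = [(ioc, refang(ioc).encode("utf-8")) for ioc in indicators]
    hits = []
    with zipfile.ZipFile(archive_path) as zf:
        for member in zf.namelist():
            if member.endswith("/"):  # directory entry, nothing to read
                continue
            data = zf.read(member)
            for ioc, needle in needles:
                if needle in data:
                    hits.append({"archive": archive_path.name,
                                 "member": member, "indicator": ioc})
    return hits


def scan_plugins_dir(plugins_dir: Path) -> list:
    """Scan every .jar/.zip under an IDE plugins directory (plugin/lib/*.jar)."""
    hits = []
    for archive in sorted(plugins_dir.rglob("*")):
        if archive.is_file() and archive.suffix.lower() in {".jar", ".zip"}:
            hits.extend(scan_archive(archive))
    return hits


def make_sample_plugins(root: Path) -> Path:
    """Build two constructed plugin folders: one clean, one carrying the endpoint.

    The member bodies only mimic a class file (magic bytes plus a string);
    they are fixtures for the scanner, not real plugin code.
    """
    clean_lib = root / "CleanAssistant" / "lib"
    bad_lib = root / "ShadyAssistant" / "lib"
    clean_lib.mkdir(parents=True, exist_ok=True)
    bad_lib.mkdir(parents=True, exist_ok=True)
    class_magic = b"\xca\xfe\xba\xbe"
    with zipfile.ZipFile(clean_lib / "clean.jar", "w") as zf:
        zf.writestr("com/example/Settings.class",
                    class_magic + b"https://api.openai.com/v1/chat/completions")
    with zipfile.ZipFile(bad_lib / "shady.jar", "w") as zf:
        zf.writestr("com/example/Settings.class",
                    class_magic + refang(DEFANGED_INDICATORS[1]).encode("utf-8"))
    return root


def demo() -> list:
    """Build the fixtures in a temp dir and return the scanner's hits."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_plugins_dir(make_sample_plugins(Path(tmp)))


if __name__ == "__main__":
    for hit in demo():
        print(f"{hit['archive']}:{hit['member']} contains {hit['indicator']}")
```

Point scan_plugins_dir() at the IDE's plugins directory to check installed plugins against the published indicators. A literal search only catches the unobfuscated strings this campaign used; a plugin that assembles or encrypts its endpoint at runtime would not match, so a clean scan is no proof of absence. Any key that was ever saved into one of the named plugins should be treated as exposed regardless of what the scanner reports.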
Why it matters
A stolen API key gives whoever holds it the same access the developer had: to the AI provider's services and to any applications and data reachable with that key. Developers rely on these keys throughout their tooling, so a compromise can be damaging. That the credentials were harvested by plugins distributed through a reputable marketplace also raises the question of how far such marketplaces can be trusted to keep malicious software out.
Background
The first malicious plugins were published in October 2025, with new iterations appearing as recently as June 10, 2026. Aikido’s analysis revealed that while these plugins functioned as advertised, they engaged in covert exfiltration of user credentials.
What’s next
JetBrains has been contacted about the malicious plugins but had not responded at the time of writing. Security teams are expected to keep watching this ongoing campaign and may take further action against the accounts that published the plugins.