Cybersecurity researchers have uncovered a coordinated malware campaign targeting developers and AI users through the JetBrains ecosystem and Google Chrome extensions, exposing sensitive AI API keys and chatbot conversations to threat actors.
The operation highlights a growing trend of supply chain attacks focused on developer tools and browser extensions that handle high-value data such as cloud credentials, API tokens, and AI interactions.
Malicious Plugins on JetBrains Marketplace Steal AI API Keys
Security researchers from Aikido Security have identified at least 15 malicious plugins published on the JetBrains Marketplace that disguise themselves as AI-powered coding assistants.
These plugins impersonate tools built on large language models such as DeepSeek and other AI systems, offering features like code generation, bug detection, commit message creation, and automated testing.
However, once installed, the plugins prompt users to enter AI provider API keys—then secretly exfiltrate them to attacker-controlled infrastructure.
Key technical findings:
- API keys are transmitted in plaintext over HTTP
- Data is sent to a remote server identified as 39.107.60[.]51
- Plugins remain functional, masking malicious behavior behind legitimate features
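The two findings above (a key leaving the IDE over plaintext HTTP, and going to a host that is not the AI provider) are both checkable from egress-proxy records. The following detection is an added example written for this article, not tooling from the researchers; the key shape (`sk-` prefix), the provider allowlist and the sample records are assumptions, and the collector address is a documentation-range placeholder rather than the address named in the report.

```python
import re
from typing import Iterable

# Key-shaped tokens: the "sk-" prefix used by OpenAI- and DeepSeek-style keys
# followed by 20+ key characters (assumption about key shape, not from the report).
KEY_RE = re.compile(r"\bsk-[A-Za-z0-9_-]{20,}")

# Hosts expected to receive AI provider keys, always over TLS (assumed allowlist).
PROVIDER_HOSTS = {"api.openai.com", "api.deepseek.com"}

# Constructed egress-proxy records, one dict per outbound request.
SAMPLE_REQUESTS = [
    {"scheme": "https", "host": "api.openai.com", "path": "/v1/chat/completions",
     "headers": {"Authorization": "Bearer sk-AAAAAAAAAAAAAAAAAAAAAAAA"}, "body": ""},
    {"scheme": "http", "host": "203.0.113.10", "path": "/collect",
     "headers": {}, "body": "api_key=sk-BBBBBBBBBBBBBBBBBBBBBBBB&ide=jetbrains"},
    {"scheme": "https", "host": "updates.example.net", "path": "/ping",
     "headers": {}, "body": "version=1.2"},
    {"scheme": "https", "host": "203.0.113.10", "path": "/collect",
     "headers": {"X-Token": "sk-CCCCCCCCCCCCCCCCCCCCCCCC"}, "body": ""},
]

def find_keys(req: dict) -> set:
    """Return the set of key-shaped tokens found in the request headers or body."""
    text = " ".join(req["headers"].values()) + " " + req["body"]
    return set(KEY_RE.findall(text))

def classify(req: dict) -> list:
    """Return alert reasons for one request; empty when no key is sent or it goes
    to an allowlisted provider over TLS."""
    if not find_keys(req):
        return []
    reasons = []
    if req["scheme"] != "https":
        reasons.append("api-key-over-plaintext-http")
    if req["host"] not in PROVIDER_HOSTS:
        reasons.append("api-key-to-unlisted-host")
    return reasons

def scan(requests: Iterable[dict]) -> dict:
    """Map 'scheme://host/path' -> reasons for every request that exposes a key."""
    alerts = {}
    for req in requests:
        reasons = classify(req)
        if reasons:
            alerts[f"{req['scheme']}://{req['host']}{req['path']}"] = reasons
    return alerts

if __name__ == "__main__":
    for target, why in scan(SAMPLE_REQUESTS).items():
        print(target, why)
```

Run against real proxy output, the same logic also catches the "paid tier" key swap described later in the article, since the replacement key arrives from a host that is not on the provider allowlist.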
According to researchers, the campaign has been active since late October 2025, with new malicious uploads continuing as recently as June 2026. Two of the most widely downloaded plugins reportedly exceed 25,000 installs each, though analysts suspect possible artificial inflation of download counts.
Fake AI Coding Tools Spread Across Multiple Plugin Variants
The malicious extensions appear under different names but share nearly identical code structures. Confirmed variants include:
- DeepSeek Junit Test
- DeepSeek Git Commit
- AI Git Commitor
- DeepSeek AI Chat
- AI Coder Review
- CodeGPT AI Assistant
- DeepSeek AI Assist
- Coding Simple Tool
- and several other AI-branded developer utilities
Despite their differences in branding, all variants require users to input API credentials from providers such as OpenAI, SiliconFlow, or DeepSeek.
Researchers warn that the design suggests a unified operator behind the campaign, rather than isolated malicious developers.
“Paid Tier” Trick Used to Rotate Stolen API Keys
A particularly unusual feature discovered in the plugins is a so-called “donation or paid tier” system.
After users pay a small fee, the plugin retrieves a working API key from the attacker’s server and replaces the user’s original credentials. This allows continued AI functionality while shifting usage costs to compromised victims.
Security analysts note this behavior is highly suspicious, as legitimate AI service providers do not distribute unrestricted API keys in this manner.
Experts believe the attackers may be monetizing stolen credentials by redistributing them to other users, effectively turning compromised accounts into a shared AI computing resource.
Chrome Extensions Found Harvesting AI Chat Conversations
In a separate but related discovery, researchers identified two Google Chrome extensions functioning as covert data collection tools targeting AI chatbot users. The campaign, internally dubbed PromptSnatcher, was identified by researcher Jean-Marie R.
The affected extensions include:
- Smart Adblocker (ID: iojpcjjdfhlcbgjnpngcmaojmlokmeii) — ~90,000 users
- Adblock for Browser (ID: jcbjcocinigpbgfpnhlpagidbmlngnnn) — ~10,000 users
Both extensions are available on the Chrome Web Store and were initially released as legitimate ad blockers. However, later updates reportedly introduced hidden tracking mechanisms.
AI Platforms Targeted in Data Collection
The extensions were found to intercept sensitive user data from major AI platforms, including:
- ChatGPT by OpenAI
- Claude by Anthropic
- Gemini by Google
- Copilot by Microsoft
- Perplexity AI
- Grok by xAI
- Meta AI
The collected data reportedly includes full conversation history, usage patterns, and account-tier information, which is then transmitted to external servers without clear user consent.
“Prompt Poaching” Attack Technique Raises Concerns
Security experts describe the activity as part of a broader tactic known as prompt poaching, where browser extensions silently capture AI prompts and responses under the guise of enhancing user experience or improving analytics.
Although the extensions claim to use legitimate ad-blocking filter lists, researchers found that hidden telemetry channels were active in the background, enabling continuous data exfiltration.
Because the extensions have been available for years, analysts believe malicious capabilities were introduced through silent updates rather than initial releases.
Growing Threat to Developer and AI Ecosystems
The incidents underscore a rising wave of attacks targeting developer ecosystems and AI workflows. Platforms like plugin marketplaces and browser extension stores have become high-value targets due to their access to:
- API keys for paid AI services
- Cloud infrastructure credentials
- Source code repositories
- User prompts and proprietary data
Cybersecurity specialists warn that stolen AI API keys can be resold or misused for large language model abuse, leading to financial losses and data exposure.
Security Recommendations
Experts advise developers and users to:
- Treat all third-party plugins as potential code execution risks
- Avoid entering long-lived API keys into unverified tools
- Regularly rotate API credentials
- Monitor unusual API usage or billing activity
- Review browser extension permissions carefully
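The last recommendation, reviewing extension permissions, can be applied mechanically to an extension's manifest.json: an ad blocker that requests `<all_urls>` or match patterns covering AI chat sites can read every prompt typed there. The audit below is an added example, not code from the researchers or from either extension; the watchlist of AI chat hosts and the sample manifest are constructed for illustration.

```python
import json

# AI chat services named in the report, as hosts (constructed watchlist; the
# product-to-host mapping is an assumption made for this example).
AI_CHAT_HOSTS = {
    "chatgpt.com", "claude.ai", "gemini.google.com", "copilot.microsoft.com",
    "perplexity.ai", "grok.com", "meta.ai",
}

def pattern_covers(pattern: str, host: str) -> bool:
    """True if a Chrome match pattern such as '*://*.example.com/*' can reach host."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False
    _scheme, rest = pattern.split("://", 1)
    pat_host = rest.split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return host == pat_host

def audit_manifest(manifest: dict) -> dict:
    """Map each watched AI host the extension can read to the patterns granting it."""
    patterns = list(manifest.get("host_permissions", []))
    # MV2 manifests put match patterns under "permissions"; keep those too.
    patterns += [p for p in manifest.get("permissions", [])
                 if "://" in p or p == "<all_urls>"]
    for cs in manifest.get("content_scripts", []):
        patterns += cs.get("matches", [])
    reachable = {}
    for host in AI_CHAT_HOSTS:
        hits = [p for p in patterns if pattern_covers(p, host)]
        if hits:
            reachable[host] = hits
    return reachable

# Constructed manifest shaped like an ad blocker that also asks for every site.
SAMPLE_MANIFEST = json.loads("""{
  "manifest_version": 3, "name": "Example Blocker", "version": "2.0",
  "permissions": ["declarativeNetRequest", "storage"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["*://*.google.com/*", "https://chatgpt.com/*"],
                       "js": ["content.js"]}]
}""")

if __name__ == "__main__":
    for host, pats in sorted(audit_manifest(SAMPLE_MANIFEST).items()):
        print(host, "<-", pats)
```

A blocker built on declarativeNetRequest rules does not need a content script on AI chat pages; a match pattern there, or a broad host grant combined with background telemetry, is the signal worth a closer look.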
Conclusion
The dual discovery of malicious JetBrains plugins and compromised Chrome extensions highlights a rapidly evolving threat landscape where AI tools are becoming prime targets for cybercriminals.
As AI adoption accelerates, security researchers warn that supply chain attacks and prompt-harvesting techniques will likely continue to expand in both scale and sophistication.