Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats
Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats — [https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2aRb82
What’s new: A coordinated malware campaign has been identified on the JetBrains Marketplace, involving at least 15 malicious plugins that exfiltrate AI provider API keys. These plugins masquerade as AI coding assistants and have been active since October 2025. Additionally, two Chrome extensions have been discovered capturing users’ conversations with AI chatbots, collecting sensitive data under the guise of ad-blocking functionality.
Who’s affected
Developers using JetBrains IDEs and Google Chrome users who have installed the affected extensions may have their AI API keys and chatbot conversations compromised.
What to do
- Review and remove any JetBrains plugins that are not from verified sources.
- Monitor API key usage for any unauthorized access or anomalies.
- Uninstall the identified malicious Chrome extensions: Smart Adblocker and Adblock for Browser.
- Implement strict vetting processes for third-party plugins and extensions.
