Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

A coordinated campaign of 15+ malicious JetBrains plugins steals AI API keys, while two Chrome extensions capture users’ AI chatbot conversations.


What’s new: A coordinated malware campaign has been identified on the JetBrains Marketplace, involving at least 15 malicious plugins that exfiltrate AI provider API keys. These plugins masquerade as AI coding assistants and have been active since October 2025, with new releases as recent as June 10, 2026. Additionally, two Chrome extensions have been discovered capturing users’ conversations with various AI chatbots, transmitting this data to attacker-controlled servers.

Who’s affected

Developers using JetBrains IDEs and Chrome users who have the affected ad blocker extensions installed are at risk. The malicious JetBrains plugins have been downloaded widely, with some reportedly having over 25,000 downloads each.

What to do

  • Review and remove any suspicious JetBrains plugins from your development environment.
  • Do not enter sensitive API keys into unverified plugins or tools.
  • Audit installed Chrome extensions and remove any that are not from trusted sources.
  • Monitor for unusual activity related to your AI provider accounts.
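
For the Chrome extension audit step above, the following is an added example, not code from the report or from any vendor. It inventories the extensions in a Chrome profile and marks those whose manifest requests access to every site, which is the level of access an extension needs to read chatbot pages. The default profile path (Chrome on Linux) and the set of "broad" match patterns are assumptions made for this example, not indicators from the campaign.

```python
import json
import sys
from pathlib import Path

# Match patterns that let an extension read every page, chatbot sessions included.
# Review heuristic chosen for this example; not an indicator taken from the report.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def host_patterns(manifest):
    """Collect every host match pattern a manifest (MV2 or MV3) requests."""
    pats = set(manifest.get("host_permissions", []))        # MV3 keeps hosts here
    pats |= {p for p in manifest.get("permissions", [])     # MV2 mixes hosts with API names
             if isinstance(p, str) and ("://" in p or p == "<all_urls>")}
    for cs in manifest.get("content_scripts", []):          # scripts injected into pages
        pats |= set(cs.get("matches", []))
    return pats


def audit_extensions(extensions_dir):
    """Return one record per <id>/<version>/manifest.json under extensions_dir."""
    records = []
    for mf in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt manifest: skip, do not abort the audit
        if not isinstance(manifest, dict):
            continue
        pats = host_patterns(manifest)
        records.append({
            "id": mf.parent.parent.name,          # directory name is the extension ID
            "name": manifest.get("name", ""),     # may be a __MSG_...__ locale key
            "version": manifest.get("version", ""),
            "hosts": sorted(pats),
            "broad_access": bool(pats & BROAD),
        })
    return records


if __name__ == "__main__":
    # Assumed default location for Chrome on Linux; pass another profile's
    # Extensions directory as the first argument.
    default = Path.home() / ".config/google-chrome/Default/Extensions"
    for r in audit_extensions(sys.argv[1] if len(sys.argv) > 1 else default):
        flag = "REVIEW" if r["broad_access"] else "ok"
        print(f"{flag:6} {r['id']}  {r['name']} {r['version']}  {r['hosts']}")
```

A REVIEW mark means the extension can read every page you open. It is a prompt to check the publisher and whether the extension is still needed, not a verdict that it is malicious.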
