Multiple plugins for JetBrains IDEs steal API keys for OpenAI, DeepSeek & Co.

At least 15 plug-ins for JetBrains IDEs transmit API keys to an external server, while otherwise offering their promised functions.

(Image: key on a fishing hook over a keyboard; evkaz/Shutterstock.com)


Plugins have appeared on JetBrains' official marketplace that exfiltrate API keys for AI models. They do not contain typical malware that searches the computer for credentials; instead, they transmit the key the user enters manually to an external server.

The plugins for JetBrains development environments such as IntelliJ IDEA generally seem to behave as described: they use language models for code reviews, unit tests, bug finding, and other functions.

At the time of writing, at least some of the affected plugins were still available on the JetBrains Marketplace.

To use the language models, they request an API key for DeepSeek, OpenAI, and SiliconFlow, among others. This key is transmitted directly to an external server after input.


The company Aikido, which specializes in supply chain security, discovered 15 packages that transmit the keys in plaintext over HTTP to the same IP address (39.107.60[.]51). The attackers make no attempt to obfuscate the code that transmits the keys.

The attackers likely sell the exfiltrated keys to other users: the plugins themselves offer, behind a paywall, use of an API key for a small fee.


According to Aikido, the first plugins appeared as early as October 2025, with the most recent one added in June 2026. Download numbers range from just over 300 to nearly 28,000. Together, all 15 plugins have nearly 70,000 installations. It is not possible to determine how many downloads were generated by the attackers themselves to make the plugins appear more attractive.

The following plugins are affected:

  • DeepSeek Junit Test (org.sm.yms.toolkit)
  • DeepSeek Git Commit (com.json.simple.kit)
  • DeepSeek FindBugs (org.bug.find.tools)
  • DeepSeek AI Chat (org.translate.ai.simple)
  • DeepSeek Dev AI (com.yy.test.ai.simple)
  • DeepSeek AI Coding (com.dev.ai.toolkit)
  • AI FindBugs (com.json.view.simple)
  • AI Git Commitor (com.my.git.ai.kit)
  • AI Coder Review (org.check.ai.ds)
  • DeepSeek Coder AI (com.review.tool.code)
  • AI Coder Assistant (org.code.assist.dev.tool)
  • DeepSeek Code Review (com.coder.ai.dpt)
  • CodeGPT AI Assistant (com.my.code.tools)
  • DeepSeek AI Assist (ord.cp.code.ai.kit)
  • Coding Simple Tool (com.dp.git.ai.tool)

Anyone who has installed one of these plugins, or has had one installed, should consider any keys entered into it compromised.

(rme)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.