Hackers are using fake AI coding assistants on the # JetBrains Marketplace to steal DeepSeek, OpenAI, and other developer API keys - 15 malicious plugins, nearl
Cybersecurity researchers have identified 15 malicious plugins on the JetBrains Marketplace designed to steal API keys from AI models like DeepSeek and OpenAI. These plugins, which have accumulated nearly 70,000 downloads and employ fake reviews, have been active since October 2025. A separate Chrome extension campaign is also reportedly recording chatbot conversations. AI
IMPACT Developers using AI coding assistants should be vigilant about plugin sources to prevent API key theft and protect sensitive data.