Malicious AI coding assistants have been discovered on the JetBrains Marketplace, with hackers using them to steal API keys from developers. At least 15 fake plugins, downloaded nearly 70,000 times and bolstered by fake reviews, were identified as part of this scheme. The stolen keys primarily belong to DeepSeek and OpenAI, among others. AI
IMPACT Compromised AI tools can lead to widespread data breaches and erosion of trust in AI-powered development environments.
RANK_REASON The cluster describes malicious software distributed through a third-party marketplace, impacting users of AI tools.
Read on Mastodon — sigmoid.social →
AI-generated summary · Google Gemini · from 1 sources. How we write summaries →