Malicious JetBrains Marketplace Plugins Are Stealing AI API Keys

At least 15 malicious plugins on the official JetBrains Marketplace were silently exfiltrating AI API keys from developers' machines. The plugins have since been removed, but any developer who installed them during their availability window is at risk.

Why This Hits Hard

JetBrains IDEs — IntelliJ IDEA, PyCharm, WebStorm, GoLand, Rider — are industry-standard tools used by tens of millions of developers worldwide. The Marketplace is the first-party plugin repository, and it carries an implicit trust that third-party app stores don't. Developers install plugins freely and frequently, rarely auditing what each one does at the filesystem or network level.

AI API keys are a particularly high-value target. A stolen OpenAI or Anthropic key grants full programmatic access to billing-enabled endpoints — there is no MFA gate, no secondary challenge. Keys can be used to burn thousands of dollars in compute, exfiltrate context from your application's prompts, or pivot to other credentials if the same key pattern appears elsewhere.

The attack vector is blunt: a plugin runs inside your IDE with full access to your user session, environment variables, and filesystem. Keys sitting in .env files, shell profiles, ~/.config directories, or IDE credential stores are all reachable. The plugins reportedly shipped exfiltration to attacker-controlled infrastructure with no visible indication to the user.

What To Do Right Now

1. Audit your installed plugins. Open Settings → Plugins → Installed and remove anything unrecognized, unused, or with suspiciously thin review history. Cross-reference the BleepingComputer report for confirmed plugin names as they are published.

2. Rotate all AI API keys immediately. Treat every key that existed on a JetBrains IDE machine as potentially compromised until you have audited your plugin list. Rotate in the provider dashboard — OpenAI, Anthropic, Google, Cohere — and push updated secrets to CI/CD pipelines, vaults, and .env files.

3. Check for unauthorized usage. Review billing dashboards and per-key usage logs for anomalous spikes, especially off-hours activity or requests from unfamiliar IP ranges.

4. Enable hard spend limits. Most AI providers offer monthly spend caps. Set one now — it will not prevent a breach but caps the financial blast radius if a key is already out.

5. Move keys off disk. Storing API keys directly in .env files on a developer workstation is a standing liability. Use a local secrets manager (1Password CLI, Doppler, or a cloud vault with CLI injection) so keys are never written to paths a plugin can read.

Supply-chain attacks on developer tooling are not new, but AI API keys represent a direct monetization path that makes IDE plugins an attractive delivery mechanism. Expect more campaigns targeting this vector.