Malicious JetBrains Plugins Steal AI API Keys From Developers

Nora Blake

Jun 17, 2026

6 min read

TL;DR

A recently uncovered campaign involving JetBrains Marketplace malware demonstrates how attackers are targeting developer workflows through trusted tools. At least 15 plugins posing as AI coding assistants, code review tools, and developer utilities were reportedly designed to collect AI provider API keys entered by users. The incident highlights the growing importance of IDE plugin security, developer endpoint security, and governance around AI-powered development tools.

Introduction

AI-powered development tools have become a staple in modern software engineering. From code generation and review to debugging and documentation, developers increasingly rely on plugins that connect directly to AI services using API keys. A newly disclosed JetBrains Marketplace malware campaign shows how that trust can be abused.

Multiple plugins published on the JetBrains Marketplace reportedly functioned as legitimate developer tools while secretly transmitting AI provider API keys to external infrastructure. The incident highlights a growing challenge for enterprises: securing the expanding ecosystem of AI-assisted development tools that operate inside trusted environments.

How JetBrains Marketplace Malware Reached Developer Environments

The campaign involved at least 15 plugins distributed through the JetBrains Marketplace under multiple publisher accounts. The plugins reportedly advertised capabilities such as AI coding assistance, code reviews, Git automation, bug detection, and DeepSeek-related functionality.

Unlike traditional malware that immediately disrupts operations, these plugins appeared to perform their advertised tasks. This likely reduced suspicion and increased the likelihood that developers would continue using them after installation.

Several of the identified plugins referenced popular AI services, including OpenAI, DeepSeek, and SiliconFlow. The two most downloaded plugins highlighted in public reporting were DeepSeek AI Assist and CodeGPT AI Assistant.

Collectively, the plugins accumulated nearly 70,000 installs according to marketplace statistics, although download counts alone should not be treated as a reliable indicator of affected users.

The incident reflects a broader trend in which attackers target software repositories, extension marketplaces, and developer ecosystems where trust plays a significant role in adoption.

How the JetBrains Marketplace Malware Collected AI API Keys

Analysis of the plugins revealed a straightforward but effective method for collecting credentials.

When a developer entered an AI provider API key into the plugin’s configuration settings and clicked Apply, the plugin reportedly transmitted that credential to a hardcoded external server using HTTP.

The reported destination server was identified as 39.107.60[.]51.

What makes the activity particularly concerning is that the plugins reportedly continued providing their expected functionality. Rather than preventing users from accessing features, the tools appeared to operate normally while transmitting credentials in the background.

Public analysis also identified similarities in code and branding across multiple plugins, suggesting a coordinated campaign rather than isolated incidents.

Additionally, investigators reportedly observed a premium service model in which the server could provide API keys to paying users. While the source of those keys has not been publicly confirmed, the finding raises questions about how collected credentials may have been used.
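As an added triage example (not code from the original post or from Hexnode), the check below scans a JetBrains plugin jar for the pattern described above: a plaintext http:// URL whose host is a raw IP address, hardcoded in plugin bytecode. The sample jar is constructed inline; its hardcoded endpoint uses the IP reported in public analysis, while the plugin id, class names and URL path are assumptions.

```python
import io
import re
import zipfile

# Plaintext http:// URL whose host is a raw IPv4 address. Legitimate plugins
# normally call a vendor hostname over HTTPS, so a raw-IP HTTP endpoint baked
# into plugin bytecode is a strong signal that deserves manual review.
RAW_IP_HTTP = re.compile(
    rb"http://(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?(/[A-Za-z0-9_./?=&%-]*)?"
)


def scan_plugin_jar(jar_bytes: bytes) -> list:
    """Return one finding per raw-IP http:// URL found in any jar entry."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for entry in jar.infolist():
            if entry.is_dir():
                continue
            data = jar.read(entry.filename)  # class files, plugin.xml, resources
            for m in RAW_IP_HTTP.finditer(data):
                findings.append({
                    "entry": entry.filename,
                    "host": m.group(1).decode(),
                    "url": m.group(0).decode(errors="replace"),
                })
    return findings


def build_sample_jar() -> bytes:
    """Constructed sample plugin jar (not a real plugin): one class with a
    hardcoded collection endpoint, one clean class talking to a vendor host.
    Class contents are stand-in bytes, not real compiled bytecode."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/plugin.xml",
                     "<idea-plugin><id>com.example.assist</id></idea-plugin>")
        jar.writestr("com/example/Settings.class",
                     b"\xca\xfe\xba\xbe apply http://39.107.60.51/api/key \x00")
        jar.writestr("com/example/Client.class",
                     b"\xca\xfe\xba\xbe https://api.openai.com/v1/chat/completions \x00")
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_plugin_jar(build_sample_jar()):
        print(f"[flag] {f['entry']}: plaintext HTTP to raw IP {f['host']} ({f['url']})")
```

Run it against the jars under an IDE's plugin directory to produce a review list; a hit is a triage lead, not proof of malice, since some plugins legitimately talk to local or lab services by IP.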

Why AI API Key Theft Creates Enterprise Risk

API keys are often viewed as simple configuration values, but in many organizations they provide access to services that are deeply integrated into development workflows.

Depending on how they are used, AI provider API keys may grant access to:

  • AI model usage and billing resources
  • Internal prompts and workflows
  • Development automation processes
  • Enterprise AI integrations
  • Productivity tooling connected to code repositories and cloud platforms

As organizations expand their use of AI-assisted development, these credentials become increasingly valuable targets.

The incident also demonstrates how malware disguised as an AI coding assistant can blur the line between productivity software and security risk. A malicious plugin operating inside an IDE may have visibility into developer activities, workflows, and credentials that would otherwise be difficult for an attacker to access.

For security teams, protecting AI-related credentials should be treated with the same level of importance as protecting cloud access keys, repository tokens, and other privileged development secrets.

Why JetBrains Marketplace Malware Is Difficult to Spot

One of the challenges highlighted by this campaign is the limited visibility many organizations have into the software running inside developer environments.

While endpoint security programs often focus on operating systems, browsers, and enterprise applications, IDE plugins can receive less scrutiny despite having access to sensitive workflows and credentials.

The full scope of this campaign remains unclear. There is currently no public confirmation regarding the number of affected organizations, the total volume of collected API keys, or whether any downstream compromises occurred. No public attribution has been made to a known threat group.

Regardless of the ultimate impact, the incident underscores the importance of maintaining visibility into developer tools, approved software inventories, and third-party extensions used across engineering teams.

Organizations that lack oversight of plugins and development tooling may struggle to identify risky software until suspicious activity has already occurred.

How Hexnode Helps Strengthen Developer Endpoint Security

Enforcing Trusted Software Policies with Hexnode UEM

Managing developer devices requires balancing productivity with security.

Hexnode UEM can help organizations strengthen governance over developer workstations through:

  • Application management policies
  • Managed software deployment
  • Device compliance enforcement
  • Policy-based device management
  • Centralized management across Windows, macOS, and Linux devices

These capabilities can help organizations maintain better control over the software installed within development environments.

Investigating Suspicious Developer Tool Activity with Hexnode XDR

When suspicious activity is identified on a developer endpoint, rapid investigation becomes critical.

Hexnode XDR can help security teams:

  • Investigate historical endpoint activity
  • Analyze process trees during investigations
  • Run advanced endpoint activity queries during investigations
  • Isolate affected devices when necessary
  • Terminate suspicious processes
  • Quarantine malicious files where supported

These capabilities can support investigation and response when potentially malicious tools are discovered on supported Windows and macOS endpoints.

Reducing Credential Exposure with Hexnode IdP

Organizations can also strengthen access controls around development resources and connected services.

Hexnode IdP supports:

  • Multi-factor authentication (MFA)
  • Role-based access control (RBAC)
  • Microsoft Entra ID integration
  • Device compliance checks
  • Conditional access based on user identity, device compliance, and security context

These controls can help reduce the impact of credential exposure by ensuring access decisions incorporate device and identity requirements.

AI Development Tools Need the Same Oversight as Any Other Enterprise Software

The JetBrains Marketplace campaign is a reminder that AI tooling has become part of the enterprise attack surface.

The reported plugins did not rely on exploiting a software vulnerability. Instead, they appear to have leveraged trust in marketplace-distributed applications and the growing adoption of AI-assisted development tools.

As organizations continue integrating AI into software development, governance efforts should extend beyond operating systems and cloud services to include IDE plugins, extensions, and third-party development utilities. Establishing visibility into developer tooling, enforcing approved software policies, and rotating potentially exposed credentials can help reduce risk when trusted tools become potential attack vectors.

Nora Blake

I write at the intersection of technology, process, and people, focusing on explaining complex products with clarity. I break down tools, systems, and workflows without any noise, jargon, or the hype.