JetBrains Marketplace Malicious Plugins Steal AI Keys

You install a plugin to help you write better code. It promises AI-powered chat, commit messages, code review, and unit tests. It works exactly as advertised. You enter your API key for OpenAI or DeepSeek. The plugin does its job.

And in the background, it sends your key to an attacker-controlled server.

A coordinated malware campaign on the JetBrains Marketplace has published at least 15 malicious plugins designed to exfiltrate AI provider keys. Two of them have more than 25,000 downloads each.

The same week, two Google Chrome ad blockers with a combined 100,000 users were caught capturing AI conversations from ChatGPT, Claude, Gemini, and other platforms.
Developers are being targeted from every angle.

The JetBrains Marketplace Campaign

The campaign has been ongoing since October 2025. New plugins were published as recently as June 10, 2026. The JetBrains Marketplace hosts many malicious plugins disguised as AI coding assistants built on large language models such as DeepSeek.

The following plugins are part of the campaign:

DeepSeek Junit Test
DeepSeek Git Commit
DeepSeek FindBugs
DeepSeek AI Chat
DeepSeek Dev AI
DeepSeek AI Coding
AI FindBugs
AI Git Commitor
AI Coder Review
DeepSeek Coder AI
AI Coder Assistant
DeepSeek Code Review
CodeGPT AI Assistant
DeepSeek AI Assist
Coding Simple Tool

Every plugin requires users to open the settings panel and enter an API key for an AI provider like OpenAI, SiliconFlow, or DeepSeek. The plugins work as promised. That is what makes them convincing.

But each plugin also sneaks in a routine that sends the provided API key to a remote server controlled by the attacker. The exfiltration happens over plaintext HTTP. No encryption. No obfuscation. Just your API key, sent in the clear.

The Paid Tier Twist

The JetBrains Marketplace malicious plugins also include a paid tier. Users can pay a small fee through a donation wall built into the plugin. After payment, the server sends an API key back to the client. The plugin starts using that key instead of the user's own.

That behavior is unusual. No legitimate operator would hand a user a working, unrestricted key to a paid AI provider. But it reveals the operator's likely monetization strategy: collect money from users on one side and stolen credentials on the other.
The genuine key owners pay the bill. The attackers collect the fees.

The Chrome Extensions

Separately, researcher Jean-Marie R. uncovered a data collection operation codenamed PromptSnatcher. Two Google Chrome extensions have been capturing users' AI conversations across multiple platforms.

The extensions are:

1. Smart Adblocker (90,000 users, published October 2022)
2. Adblock for Browser (10,000 users, published August 2023)

Both extensions are still available on the Chrome Web Store. Both provide genuine ad-blocking functionality using legitimate filter lists. That is their cover.

But they also ship a custom interception engine that records non-public conversations, model usage, and account-tier metadata from every major AI platform:
1. OpenAI ChatGPT
2. Anthropic Claude
3. Google Gemini
4. Microsoft Copilot
5. Perplexity
6. DeepSeek
7. xAI Grok
8. Meta AI

The AI-related data exfiltration features were introduced through software updates. The extensions had been around for years before the malicious functionality was added.

Prompt Poaching

These types of attacks fall under a category known as Prompt Poaching. Over the past several months, browser extensions both legitimate and malicious have adopted this method to stealthily capture users' AI chats.

The extensions intercept full AI conversation history, model usage, and subscription tier information. This data is transmitted to operator-controlled infrastructure without any notification to the user beyond a generic "Enhanced Protection" consent string.

What remains unclear is whether these practices violate Google's policies for browser extensions. The extensions provide genuine functionality while running an undisclosed telemetry channel.

Why Developers Are Targeted

The JetBrains Marketplace malicious plugins and the Chrome extensions both target developers. That is not a coincidence.

Developer environments host source code, cloud credentials, signing keys, and API keys for paid AI services. Stolen AI keys can be resold for LLMjacking schemes, where attackers use compromised accounts to access expensive AI models.

The open-source ecosystem has become a lucrative target precisely because of the value of the credentials stored there.

How to Protect Yourself

For JetBrains users:

1. Treat a plugin the same way you would treat any dependency that runs with your privileges.
2. Be cautious about pasting long-lived secrets into tools you have not vetted.
3. Verify the publisher of any plugin you install. The malicious plugins used in this campaign use generic publishers and have no verifiable IDs.
4. Look out for unexpected outbound requests from your IDE to a remote server over HTTP.
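
An added example, not part of the original article or of any JetBrains tooling: a name-based audit of an IDE plugins directory against the 15 plugin names listed above. It assumes plugins are installed as jars carrying a `META-INF/plugin.xml` descriptor with `<name>` and `<vendor>` elements, and the directory path is passed in because it differs per OS and IDE version.

```python
import sys
import zipfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Display names exactly as listed in the article. A name match is a weak
# indicator: a republished plugin can be renamed, so "ok" is not a clean bill.
FLAGGED_NAMES = {
    "DeepSeek Junit Test", "DeepSeek Git Commit", "DeepSeek FindBugs",
    "DeepSeek AI Chat", "DeepSeek Dev AI", "DeepSeek AI Coding",
    "AI FindBugs", "AI Git Commitor", "AI Coder Review",
    "DeepSeek Coder AI", "AI Coder Assistant", "DeepSeek Code Review",
    "CodeGPT AI Assistant", "DeepSeek AI Assist", "Coding Simple Tool",
}
_FLAGGED = {n.casefold() for n in FLAGGED_NAMES}


def read_descriptor(jar_path):
    """Return (name, vendor) from META-INF/plugin.xml in a jar, or None."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            root = ET.fromstring(jar.read("META-INF/plugin.xml"))
    except (KeyError, zipfile.BadZipFile, ET.ParseError, OSError):
        return None  # dependency jar without a descriptor, or unreadable
    name = (root.findtext("name") or "").strip()
    vendor = (root.findtext("vendor") or "").strip()
    return name, vendor


def audit_plugins(plugins_dir):
    """Return (jar, name, vendor, flagged) for every plugin descriptor found."""
    results = []
    for jar_path in sorted(Path(plugins_dir).rglob("*.jar")):
        desc = read_descriptor(jar_path)
        if desc is None or not desc[0]:
            continue
        name, vendor = desc
        flagged = name.casefold() in _FLAGGED  # case-insensitive name match
        results.append((str(jar_path), name, vendor, flagged))
    return results


if __name__ == "__main__":
    for jar, name, vendor, flagged in audit_plugins(sys.argv[1]):
        mark = "FLAGGED" if flagged else "ok"
        print(f"[{mark}] {name!r} vendor={vendor or '(none)'} <- {jar}")
```

The vendor is printed for every plugin so that generic or empty publisher fields stand out during review, in line with item 3.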

For Chrome users:

1. Go through your extensions and remove any that you no longer use.
2. Check whether the ad blockers and other extensions you have installed request access to your entire browsing history or to your account information across all the sites you visit.
3. Keep an eye out for consent requests (e.g. "increased protection") that do not specify what kinds of information they will collect.
4. Use open-source ad blockers and plugins that are periodically reviewed by an independent auditor.

For organizations:

1. Establish rules for which plugins and extensions may be installed, and make sure that everyone abides by them.
2. Investigate suspicious outbound traffic to untrusted hosts over plain HTTP, particularly requests that send or retrieve an API key.
3. Make sure all developers know not to enter API keys into tools or systems that cannot be trusted to keep them safe.
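
An added example, not taken from the original article or the research it cites, of the outbound-traffic check recommended for JetBrains users and organizations above: it scans egress-proxy records for key-shaped tokens sent over plaintext HTTP. The JSON-lines record layout, the process and host names, and the `sk-` key pattern are assumptions, and all sample values are constructed.

```python
import json
import re
from urllib.parse import urlsplit, unquote_plus

# Assumption: provider keys look like "sk-" followed by 20+ token characters.
KEY_RE = re.compile(r"\bsk-[A-Za-z0-9_-]{20,}")

# Constructed egress-proxy records (one JSON object per line); all values fake.
SAMPLE_LOG = """\
{"proc": "idea64", "url": "http://collector.example/save", "headers": {}, "body": "provider=deepseek&apiKey=sk-AAAAAAAAAAAAAAAAAAAAAAAA1111"}
{"proc": "idea64", "url": "http://collector.example/r?k=sk%2DBBBBBBBBBBBBBBBBBBBBBBBB2222", "headers": {}, "body": ""}
{"proc": "idea64", "url": "https://api.provider.example/v1/chat", "headers": {"Authorization": "Bearer sk-CCCCCCCCCCCCCCCCCCCCCCCC3333"}, "body": "{}"}
{"proc": "idea64", "url": "http://updates.example/plugins.xml", "headers": {}, "body": ""}
not-json
"""


def redact(key):
    # Keep enough to identify the key without re-leaking it in the alert.
    return f"{key[:5]}...{key[-4:]}"


def find_plaintext_key_leaks(lines):
    """Return findings for key-shaped tokens in requests sent over http://."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        try:
            rec = json.loads(line)
            url = urlsplit(rec.get("url", ""))
        except (ValueError, AttributeError):
            continue  # skip blank, malformed or non-object records
        if url.scheme.lower() != "http":
            continue  # only plaintext requests are in scope for this check
        headers = rec.get("headers", {})
        parts = {  # percent-decode so an encoded "sk%2D..." is still caught
            "url": unquote_plus(rec.get("url", "")),
            "headers": " ".join(f"{k}: {v}" for k, v in headers.items()),
            "body": unquote_plus(rec.get("body", "")),
        }
        for where, text in parts.items():
            for key in KEY_RE.findall(text):
                findings.append({"line": lineno, "proc": rec.get("proc"),
                                 "host": url.hostname, "where": where,
                                 "key": redact(key)})
    return findings


if __name__ == "__main__":
    for finding in find_plaintext_key_leaks(SAMPLE_LOG.splitlines()):
        print(finding)
```

Any key that appears in a finding should be treated as exposed and rotated at the provider, since it crossed the network in the clear.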

The Bigger Picture

The JetBrains Marketplace malicious plugin campaign and PromptSnatcher have one thing in common: both attack the applications developers depend on.

IDEs, browser extensions, AI assistants: developers use these applications daily. Developers inherently trust them, and that trust is what attackers take advantage of.

The plugins work as advertised. The ad blockers block ads. That is what makes the theft invisible.

The Bottom Line

Malicious plugins on JetBrains Marketplace have been stealing AI provider keys since October 2025. Two Chrome extensions with 100,000 users have been capturing AI conversations. Both campaigns target developers and the valuable credentials they hold.

Check your installed plugins. Review your browser extensions. And think twice before pasting an API key into a tool you have not fully vetted.
Because the AI assistant you trust might be reporting back to someone else.

FAQ Section

What is the JetBrains Marketplace malicious plugin campaign?

It is a coordinated attack where 15 plugins published on the JetBrains Marketplace pose as AI coding assistants but exfiltrate users' AI provider API keys to an attacker-controlled server.

Which plugins are affected?

The affected plugins include the DeepSeek-branded plugins, CodeGPT AI Assistant, and several others. Two of these plugins have each been downloaded over 25,000 times.

How do the plugins steal users' API keys?

To enable a plugin's AI features, users enter their own API keys in the plugin's settings. The plugins function as intended, but they also transmit those API keys over unprotected (plaintext) HTTP connections to remote servers controlled by the attackers.

What is PromptSnatcher?

PromptSnatcher is a data collection operation where two Chrome ad blocker extensions capture users' conversations with AI chatbots across eight platforms, including ChatGPT, Claude, Gemini, and Copilot.

What is the user count for these extensions?

Smart Adblocker has 90,000 downloads, while Adblock for Browser has approximately 10,000. Together, the two extensions account for 100,000 installations.

How can I best protect myself?

Review your installed JetBrains plugins and Google Chrome extensions regularly, and remove anything you do not actively use. Exercise caution when entering your API keys into any tool you do not consider a trusted source. Also watch for unexpected outbound HTTP requests.

Will these attacks continue?

They certainly will. New plugins were published as recently as June 10, 2026, and both extensions remain publicly listed on Google's Chrome Web Store.

Source: The Hacker News
© 2016 – 2026 Red Secure Tech Ltd. Registered in England and Wales — Company No: 15581067