Breach · Published Jun 17, 2026 · 1 source

Malicious JetBrains Plugins and Chrome Extensions Target AI Credentials and Conversations

Researchers uncovered 15 malicious JetBrains plugins stealing AI API keys and two Chrome ad-blocker extensions capturing AI chatbot conversations in a coordinated campaign.

Cybersecurity researchers have flagged a coordinated malware campaign on the JetBrains Marketplace that published 15 malicious plugins capable of exfiltrating AI provider API keys. The plugins, posing as AI coding assistants built on DeepSeek and other LLMs, offer chat, commit messages, code review, bug finding, and unit tests. However, the AI provider API key entered by users is exfiltrated to a server controlled by the attacker. The activity has been ongoing since October 2025, with new plugins released as recently as June 10, 2026. Two plugins, CodeGPT AI Assistant and DeepSeek AI Assist, have over 25,000 downloads each, though the counts may be inflated.

The complete list of malicious plugins includes DeepSeek Junit Test, DeepSeek Git Commit, DeepSeek FindBugs, DeepSeek AI Chat, DeepSeek Dev AI, DeepSeek AI Coding, AI FindBugs, AI Git Commitor, AI Coder Review, DeepSeek Coder AI, AI Coder Assistant, DeepSeek Code Review, CodeGPT AI Assistant, DeepSeek AI Assist, and Coding Simple Tool. All share a similar codebase, requiring users to enter an API key for AI services like OpenAI, SiliconFlow, or DeepSeek. While the plugins function as advertised, they covertly siphon the API key to a remote server at 39.107.60[.]51 over HTTP in plaintext.
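The exfiltration path described above (an AI provider key sent in plaintext HTTP to a non-provider host) can be hunted for in egress proxy logs. The sketch below is an added example, not code from the article or the researchers; the log format, the `sk-` key pattern, the provider allowlist, and the sample lines are assumptions constructed for illustration, and seeing request bodies on HTTPS lines assumes a TLS-inspecting proxy.

```python
import re

# IoC from the article, kept defanged in source and refanged only for matching.
IOC_IP = "39.107.60[.]51".replace("[.]", ".")
# Assumption: provider keys look like "sk-" followed by 20+ token characters.
KEY_RE = re.compile(r"\bsk-[A-Za-z0-9_-]{20,}")
# Assumption: hosts that legitimately receive these keys, always over HTTPS.
PROVIDER_HOSTS = {"api.openai.com", "api.deepseek.com", "api.siliconflow.cn"}

def classify(line):
    """Parse one proxy log line (constructed format:
    timestamp client scheme method dest_host path body) and return
    ((client, dest_host), findings)."""
    parts = line.split(" ", 6)
    if len(parts) < 7:
        return None, []  # malformed line: nothing to report
    _ts, client, scheme, _method, host, path, body = parts
    findings = []
    if host == IOC_IP:
        findings.append("ioc-destination")
    if KEY_RE.search(path) or KEY_RE.search(body):
        if scheme == "http":
            findings.append("key-in-plaintext")
        if host not in PROVIDER_HOSTS:
            findings.append("key-to-unexpected-host")
    return (client, host), findings

def scan(lines):
    """Group findings per (client, dest_host) pair, sorted for stable output."""
    hits = {}
    for line in lines:
        pair, findings = classify(line)
        if findings:
            hits.setdefault(pair, set()).update(findings)
    return {pair: sorted(found) for pair, found in hits.items()}

# Constructed sample log lines; the key value, hosts and paths are made up.
FAKE_KEY = "sk-" + "A" * 32
SAMPLE = [
    f"2026-06-11T09:14:02Z dev-ws-17 http POST {IOC_IP} /placeholder key={FAKE_KEY}",
    f"2026-06-11T09:14:03Z dev-ws-17 https POST api.deepseek.com /v1/chat auth={FAKE_KEY}",
    "2026-06-11T09:15:40Z dev-ws-22 http GET 192.0.2.10 /status -",
    f"2026-06-11T09:16:11Z dev-ws-22 http POST 192.0.2.44 /collect token={FAKE_KEY}",
]

if __name__ == "__main__":
    for pair, found in scan(SAMPLE).items():
        print(pair, found)
```

The second heuristic (a key-shaped string leaving for a host outside the allowlist) does not depend on the published address, so it still fires if the operators move servers.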

The plugins also offer a paid tier where users pay a small fee through a donation wall, and the server sends back an API key for model calls. This raises the possibility that the operators are sharing stolen AI provider API keys with other threat actors, effectively turning the scheme into a service that grants paying users access to victims' AI providers. "The operator collects money on one side and free credentials on the other, while the genuine key owners pay the bill," said Ilyas Makari of Aikido Security.

Separately, researcher Jean-Marie R. discovered two Google Chrome ad blocker extensions that capture users' conversations with AI chatbots like ChatGPT, Claude, Gemini, Copilot, Perplexity, DeepSeek, Grok, and Meta AI. The extensions, named Smart Adblocker (90,000 users) and Adblock for Browser (10,000 users), have been available since October 2022 and August 2023, respectively. They ship a custom interception engine that records non-public conversations, model usage, and account-tier metadata from major AI platforms, transmitting the data to operator-controlled infrastructure under the guise of a generic "Enhanced Protection" consent string.

The campaign, dubbed PromptSnatcher, uses legitimate public filter lists like EasyList as functional cover, providing genuine ad-blocking utility while running an undisclosed telemetry channel. The AI-related functionality was likely introduced via software updates. This technique, called Prompt Poaching, has been increasingly observed in both legitimate and malicious browser extensions to stealthily capture AI chats.

These developments highlight how threat actors are increasingly targeting developer environments and browser extensions to steal AI credentials and sensitive conversation data. The stolen API keys can be resold for LLMjacking schemes, while captured AI conversations may contain proprietary or confidential information. Users are advised to treat plugins and extensions with caution, avoid pasting long-lived secrets into unvetted tools, and review permissions granted to browser extensions.

Synthesized by Vypr AI