
Fake AI Coding Tools Stole Developer Credentials from JetBrains Store
JetBrains removed 15 malicious plugins disguised as AI assistants that were designed to steal valuable API keys from developers.
Source
GetCyberRight Intelligence
Original headline: Malicious AI Coding Plugins Steal API Keys
Plain-English summary by GetCyberRight. Read the full report at the source above.
What Happened
JetBrains recently removed 15 malicious plugins from its official marketplace. Each one pretended to be a helpful AI coding assistant. Instead of helping developers write code, these fake tools were stealing API keys for popular AI services like OpenAI and Anthropic.
The Details
These plugins looked completely legitimate. They promised features that developers actually need: AI-powered chat, automatic code review, bug detection, and unit test generation. Developers downloaded and installed them thinking they were getting useful tools to speed up their work.
Once installed, the malicious plugins secretly scanned the developer's computer for API keys. These keys are like passwords that let you access paid AI services. A single API key can be worth hundreds or thousands of dollars in service credits. Attackers can use stolen keys to run up massive bills or resell access to others.
This attack highlights a growing problem in software development. Developers trust official marketplaces to vet plugins before making them available. These attackers exploited that trust by making their malicious code look helpful and professional. The plugins appeared in search results right alongside legitimate tools.
Who Is Affected
Software developers who use JetBrains products (like IntelliJ IDEA, PyCharm, or WebStorm) are directly affected. If you or someone in your household codes professionally or as a serious hobby, this matters. Many developers install multiple plugins to customize their tools.
Small business owners who employ developers should also pay attention. If your team uses AI coding tools, stolen API keys could mean unexpected bills in the thousands of dollars. Your company's proprietary code could also be exposed if attackers use your keys to access AI services.
What You Should Do Right Now
Check your installed JetBrains plugins immediately. Open your IDE settings, review all installed plugins, and remove anything you don't recognize or actively use.
Rotate your API keys for OpenAI, Anthropic, Google AI, and similar services. Log into each service, revoke existing keys, and generate new ones. Update your applications with the new keys.
Review recent billing statements for unusual activity on AI service accounts. Look for unexpected usage spikes or charges from unfamiliar locations.
Only install plugins from verified publishers going forward. Check reviews, download counts, and how recently the plugin was updated before installing.
Enable spending limits on AI service accounts if available. This prevents attackers from running up massive bills even if they steal your keys.
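To make the plugin review in the first step above repeatable across every JetBrains IDE on a machine, the following added example (not part of the original report) lists each user-installed plugin with the ID, name and vendor declared in its `META-INF/plugin.xml`. It assumes the default per-user JetBrains data directories on Linux, macOS and Windows. The report does not name the 15 removed plugins, so the script flags nothing by itself and only produces the list to review.

```python
import zipfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumed default per-user JetBrains data directories (Linux, macOS, Windows).
DEFAULT_ROOTS = (".local/share/JetBrains",
                 "Library/Application Support/JetBrains",
                 "AppData/Roaming/JetBrains")

def read_descriptor(jar):
    """Return id/name/vendor from META-INF/plugin.xml in a jar, or None."""
    try:
        with zipfile.ZipFile(jar) as zf:
            root = ET.fromstring(zf.read("META-INF/plugin.xml"))
    except (KeyError, OSError, zipfile.BadZipFile, ET.ParseError):
        return None  # not a plugin jar, or unreadable
    text = lambda tag: (root.findtext(tag) or "").strip()
    # When <id> is absent the IDE falls back to the plugin name as its ID.
    return {"id": text("id") or text("name"), "name": text("name"),
            "vendor": text("vendor") or "(no vendor declared)"}

def plugin_jars(entry):
    """A plugin is either a single .jar or a folder with jars under lib/."""
    if entry.is_file() and entry.suffix == ".jar":
        return [entry]
    return sorted((entry / "lib").glob("*.jar")) if entry.is_dir() else []

def inventory(jetbrains_root):
    """List user-installed plugins for every IDE under one JetBrains root."""
    found = []
    for ide in sorted(p for p in Path(jetbrains_root).iterdir() if p.is_dir()):
        # macOS/Windows keep plugins in <ide>/plugins; Linux uses <ide> itself.
        plugdir = ide / "plugins" if (ide / "plugins").is_dir() else ide
        for entry in sorted(plugdir.iterdir()):
            for jar in plugin_jars(entry):
                info = read_descriptor(jar)
                if info:
                    found.append({"ide": ide.name, "folder": entry.name, **info})
                    break  # first jar carrying a descriptor identifies the plugin
    return found

if __name__ == "__main__":
    for rel in DEFAULT_ROOTS:
        root = Path.home() / rel
        if root.is_dir():
            for p in inventory(root):
                print(f'{p["ide"]:24} {p["id"]:40} {p["name"]:32} {p["vendor"]}')
```

Compare the output against the plugins you actually use; an entry with no declared vendor or an unfamiliar one is a candidate for removal and for rotating any keys that were on the machine.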
The Bigger Picture
This incident is part of a larger trend called supply chain attacks. Cybercriminals are targeting the tools that developers trust rather than attacking end users directly. By compromising developer tools, attackers can potentially reach thousands of victims at once. As AI services become more valuable and expensive, credentials for these services become prime targets. Staying informed about these emerging threats helps you protect yourself before problems occur.
How GetCyberRight Can Help
Our Cyber Threat Radar tool tracks exactly these kinds of emerging attack patterns. It monitors supply chain compromises targeting developers and AI users in real time. You'll get early warnings about new threats before they become widespread problems. Knowledge is your best defense in a rapidly changing threat landscape.