    Fake Developer Tools Caught Stealing AI Access Keys on Trusted Platform

    At least 15 malicious plugins on JetBrains Marketplace stole AI service credentials from developers, showing how supply chain attacks now target everyday work tools.

    Source

    GetCyberRight Intelligence

    Original headline: Malicious JetBrains Plugins Steal AI API Keys

    Plain-English summary by GetCyberRight. Read the full report at the source above.

    Published Tuesday, June 16, 2026

    What Happened

    Cybersecurity researchers discovered at least 15 malicious plugins on the official JetBrains Marketplace, a trusted platform where developers download tools for their work. These fake plugins were secretly stealing valuable AI API keys, including credentials for Claude, OpenAI, and other services. This attack matters because it happened on an official, vetted marketplace, not some sketchy website, showing that even legitimate platforms can host dangerous software.

    The Details

    JetBrains makes popular software development tools used by millions of professionals worldwide. Their marketplace is like an app store for developer productivity tools. The malicious plugins looked completely legitimate with professional descriptions and helpful-sounding features.

    Once installed, these plugins quietly searched through developers' computers for API keys. These keys are like passwords that let you access AI services such as ChatGPT, Claude, and similar tools. When companies or individuals pay for these services, the keys unlock their accounts and credit balances. Stealing these keys means attackers can either use the services for free on someone else's account or sell the keys to others.

    The plugins sat on the marketplace for an unknown period, harvesting credentials from unsuspecting users. This is called a supply chain attack because criminals poisoned a trusted source that people rely on daily. The attackers didn't need to hack individual computers. They simply waited for people to voluntarily install their malicious tools.

    Who Is Affected

    Software developers and programmers are the primary targets, especially those using AI coding assistants and tools. If someone in your household works in technology or software development, they may have been exposed. This also affects businesses that pay for AI services, since stolen keys can rack up unauthorized charges.

    Anyone who uses JetBrains development tools (like IntelliJ IDEA, PyCharm, or WebStorm) should pay attention. Even if you're not a developer yourself, your employer's systems could be compromised if your work involves these tools. Students learning to code are also vulnerable if they installed plugins to help with coursework.

    What You Should Do Right Now

    1. Check installed plugins immediately. If you or someone in your household uses JetBrains tools, review all installed plugins and remove any that look unfamiliar or that you don't actively use.

    2. Rotate your AI service API keys. Log into OpenAI, Anthropic (Claude), and any other AI services you use. Generate new API keys and delete the old ones. This locks out anyone who may have stolen your credentials.

    3. Review billing statements. Check your AI service accounts for unusual activity or unexpected charges from the past few months. Report any suspicious usage to the provider immediately.

    4. Enable two-factor authentication. Add an extra security layer to your AI service accounts and any platforms where you store credentials.

    5. Update from official sources only. Going forward, carefully review plugin developers, read recent reviews, and check installation counts before adding any tools to your software.
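
    For the plugin review in step 1, the script below is an added example (not code from the original report or from JetBrains) that lists every plugin in an IDE's plugins folder and flags the ones you did not knowingly install. It assumes the usual plugin packaging (a folder with lib/*.jar, or a single jar, containing META-INF/plugin.xml); the folder path is something you supply, and the plugin IDs and vendor names in the sample are constructed.

```python
import tempfile, zipfile
import xml.etree.ElementTree as ET
from pathlib import Path

DESCRIPTOR = "META-INF/plugin.xml"  # assumed descriptor location inside a plugin jar
FIELDS = ("id", "name", "vendor", "version")

def read_descriptor(jar_path):
    """Return id/name/vendor/version from a plugin jar, or None if it has no descriptor."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            if DESCRIPTOR not in jar.namelist():
                return None
            root = ET.fromstring(jar.read(DESCRIPTOR))
    except (zipfile.BadZipFile, ET.ParseError, OSError):
        return None  # unreadable jar: inventory() still lists the entry by folder name
    return {tag: (root.findtext(tag) or "").strip() for tag in FIELDS}

def inventory(plugins_dir):
    """List every plugin found directly under plugins_dir (path supplied by the caller)."""
    found = []
    for entry in sorted(Path(plugins_dir).iterdir()):
        if not (entry.is_dir() or entry.suffix == ".jar"):
            continue  # ignore stray files
        jars = sorted(entry.glob("lib/*.jar")) if entry.is_dir() else [entry]
        info = next((d for d in map(read_descriptor, jars) if d), None)
        found.append(info or {"id": entry.name, "name": entry.name, "vendor": "", "version": ""})
    return found

def unexpected(plugins, expected_ids):
    """Plugins whose id is not on your own list of expected ids: review or remove these."""
    return [p for p in plugins if p["id"] not in expected_ids]

def build_sample(root):
    """Constructed sample data: two fake plugin folders so the example runs offline."""
    for folder, pid, vendor in [("known-tool", "com.example.known", "Example Vendor"),
                                ("ai-helper", "com.example.aihelper", "Unknown Publisher")]:
        lib = Path(root) / folder / "lib"
        lib.mkdir(parents=True)
        xml = (f"<idea-plugin><id>{pid}</id><name>{folder}</name>"
               f"<vendor>{vendor}</vendor><version>1.0</version></idea-plugin>")
        with zipfile.ZipFile(lib / f"{folder}.jar", "w") as jar:
            jar.writestr(DESCRIPTOR, xml)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for p in unexpected(inventory(tmp), {"com.example.known"}):
            print(f"review: {p['name']} ({p['id']}) by {p['vendor'] or 'unknown vendor'}")
```

    To use it on a real machine, call inventory() with the path to your IDE's plugins folder and pass unexpected() the IDs of the plugins you actually rely on.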

    The Bigger Picture

    This attack highlights how cybercriminals are evolving alongside technology. As AI tools become essential for work and learning, attackers target the credentials that unlock them. Supply chain attacks are particularly dangerous because they exploit our trust in established platforms. Staying informed about these threats helps you spot warning signs before installing software, even from sources you usually trust.

    How GetCyberRight Can Help

    Our Cyber Threat Radar tool tracks emerging supply chain attacks and credential theft trends affecting developers and AI tool users. It helps families understand which threats matter most to their specific situation. By monitoring these evolving risks, you can make informed decisions about the tools your household uses and protect valuable accounts before they're compromised.
