Hackers Hid Malware in Developer Tools to Steal Valuable AI Access Keys
15 malicious plugins in a popular developer marketplace stole AI API keys, leading to thousands in fraudulent charges. Here's what happened and how to protect yourself.
Source
GetCyberRight Intelligence
Original headline: Malicious JetBrains Plugins Steal AI API Keys
Plain-English summary by GetCyberRight. Read the full report at the source above.
What Happened
Hackers recently planted 15 malicious plugins in the JetBrains Marketplace, a popular store where software developers download tools to help them code. These fake plugins secretly stole AI API keys from developers' computers. The keys act like passwords that give access to expensive AI services like ChatGPT and Claude, so the theft led to unauthorized charges and to the keys being sold on underground markets.
The Details
Think of API keys like credit card numbers for AI services. Companies give developers these keys so their programs can use AI tools. The stolen keys let criminals rack up charges on someone else's account, sometimes totaling thousands of dollars in a single day.
The malicious plugins disguised themselves as helpful coding tools. Once installed, they quietly searched developers' computers for files containing these valuable API keys. The stolen keys were then sent to the hackers, who either used them for their own projects or sold them to others on the dark web.
JetBrains, the company that runs the marketplace, removed all 15 plugins after security researchers discovered the theft. However, developers who installed these plugins before removal may have already had their keys compromised. Some victims reported seeing mysterious charges appear on their AI service bills before they even knew something was wrong.
Who Is Affected
This attack primarily targeted professional software developers who use JetBrains products like IntelliJ IDEA, PyCharm, or WebStorm. If someone in your household works in software development or technology, they should pay close attention to this incident.
However, this matters to everyone. When developers' tools get compromised, it can lead to wider security problems. Stolen API keys can be used to create spam, spread misinformation, or launch other attacks. Plus, the techniques used here will likely spread to other platforms and services.
What You Should Do Right Now
Check your installed plugins. If you use JetBrains products, review all installed plugins immediately. Remove any you don't recognize or no longer use. Go to Settings > Plugins and scrutinize the list.
Rotate your API keys. If you have API keys for OpenAI, Anthropic, Google AI, or similar services, generate new keys and delete the old ones. Do this through each service's dashboard or settings area.
Review billing statements. Check your AI service accounts for unusual activity or unexpected charges from the past 60 days. Look for usage spikes or geographic locations that don't match your normal patterns.
Enable spending limits. Most AI platforms let you set maximum monthly spending caps. Configure these limits to prevent runaway charges if your keys are ever compromised again.
Use environment variables, not code files. If you're a developer, store API keys in environment variables or secure vaults, not directly in your code or configuration files where malware can easily find them.
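For developers, an added example that is not part of the original report: a small Python audit that lists where plaintext AI API keys sit in your own project folder, so you know which keys to rotate and move into environment variables or a vault. The key prefixes, the skipped folders and the `scan_tree` and `redact` names are assumptions for illustration, and the sample keys are constructed and fake.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumed key shapes (publicly documented prefixes, not taken from the article).
KEY_PATTERNS = {
    "anthropic": re.compile(r"sk-ant-[A-Za-z0-9_-]{20,}"),
    "openai": re.compile(r"sk-(?!ant-)[A-Za-z0-9_-]{20,}"),
    "google": re.compile(r"AIza[A-Za-z0-9_-]{35}"),
}
SKIP_DIRS = {".git", "node_modules", ".venv", "venv", "__pycache__"}
MAX_BYTES = 1_000_000  # skip large files; keys live in small config/source files

def redact(key):
    return key[:8] + "..." + key[-4:]  # never echo a full key into a report

def scan_tree(root):
    """Return (relative path, line number, provider, redacted key) for each hit."""
    root = Path(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in sorted(filenames):
            path = Path(dirpath) / name
            try:
                if path.is_symlink() or path.stat().st_size > MAX_BYTES:
                    continue
                text = path.read_text(encoding="utf-8", errors="ignore")
            except OSError:
                continue  # unreadable file: nothing to report
            rel = path.relative_to(root).as_posix()
            for lineno, line in enumerate(text.splitlines(), start=1):
                for provider, pattern in KEY_PATTERNS.items():
                    for match in pattern.finditer(line):
                        findings.append((rel, lineno, provider, redact(match.group())))
    return sorted(findings)

def demo():
    """Run the scan on a constructed project tree (all keys below are fake)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / ".env").write_text("OPENAI_API_KEY=sk-proj-" + "EXAMPLE" * 4 + "\n")
        (root / "settings.json").write_text('{"key": "sk-ant-' + "FAKEKEY" * 4 + '"}\n')
        (root / "app.py").write_text('import os\nkey = os.environ["OPENAI_API_KEY"]\n')
        return scan_tree(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Any key the audit reports should be treated as exposed: rotate it in the provider's dashboard first, then remove it from the file.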
The Bigger Picture
This attack represents a growing trend: hackers targeting the software supply chain rather than end users directly. As AI services become more valuable and widespread, the keys that unlock them become prime targets. Staying informed about these threats helps you protect not just your own accounts, but also your family's digital safety and financial security.
How GetCyberRight Can Help
Our Cyber Threat Radar tool tracks exactly these kinds of emerging threats. It monitors supply chain attacks, new malware targeting developers and businesses, and provides early warnings about compromised tools before they become widespread problems. By staying connected with trusted cybersecurity resources, you can spot dangerous trends early and take action before you become a victim.