Malicious JetBrains Marketplace plugins steal AI API keys from developers
Security researchers have identified malicious plugins on the JetBrains Marketplace that target developers by stealing their AI API keys. These plugins, once installed, exfiltrate credentials used to access various AI services. The attack specifically aims at developers who use JetBrains IDEs, a popular development environment. The stolen API keys could be used to access paid AI services, leading to unauthorized usage and potential financial charges for the affected developers. The discovery highlights the risks of third-party plugins in development tools, as they can introduce security vulnerabilities. JetBrains has been notified about the malicious plugins, and users are advised to review their installed plugins and API key usage.
Stolen AI API keys can lead to unauthorized usage and financial loss for developers.