AI Under Attack: Malicious Plugins Steal API Keys, Chrome Extensions Eavesdrop on Chats

The burgeoning landscape of Artificial Intelligence, while promising unprecedented innovation, is simultaneously becoming a fertile ground for sophisticated cyber threats. Recent revelations have brought to light two distinct yet equally alarming campaigns: one exploiting the trust of developers through malicious plugins on the JetBrains Marketplace, and another surreptitiously compromising user privacy by capturing sensitive AI chatbot conversations via seemingly innocuous Chrome extensions.

Developer Beware: The JetBrains Plugin Heist

Cybersecurity researchers at Aikido Security have sounded the alarm on a “coordinated malware campaign” that has infiltrated the JetBrains Marketplace. No fewer than 15 malicious plugins, masquerading as helpful AI coding assistants, have been identified as actively exfiltrating Artificial Intelligence (AI) provider API keys from unsuspecting developers.

A Deceptive Modus Operandi

These rogue plugins, which include titles like “CodeGPT AI Assistant” and “DeepSeek AI Assist” (each showing over 25,000 downloads, though the authenticity of those figures is questionable), function precisely as advertised, offering features such as chat, commit message generation, code review, bug finding, and unit tests. However, as Aikido Security researcher Ilyas Makari revealed, “The AI provider API key you enter gets exfiltrated to a server controlled by the attacker.” This illicit activity has been ongoing since late October 2025, with new iterations appearing as recently as June 10, 2026.

The Double-Edged Sword of Monetization

The attackers’ scheme takes a particularly bizarre turn with a “paid tier.” After a user pays a small fee, the server inexplicably sends an API key back to the client, which the plugin then uses for its model calls instead of the user’s own. Makari notes, “no legitimate operator would simply hand a user a working and unrestricted key to a paid AI provider.” This suggests a sophisticated monetization strategy where stolen API keys are likely resold or shared with other threat actors, effectively turning victims’ credentials into a service for paying malicious users. “The operator collects money on one side and free credentials on the other, while the genuine key owners pay the bill,” Makari explained.

List of Compromised Plugins:

  • DeepSeek Junit Test (org.sm.yms.toolkit)
  • DeepSeek Git Commit (com.json.simple.kit)
  • DeepSeek FindBugs (org.bug.find.tools)
  • DeepSeek AI Chat (org.translate.ai.simple)
  • DeepSeek Dev AI (com.yy.test.ai.simple)
  • DeepSeek AI Coding (com.dev.ai.toolkit)
  • AI FindBugs (com.json.view.simple)
  • AI Git Commitor (com.my.git.ai.kit)
  • AI Coder Review (org.check.ai.ds)
  • DeepSeek Coder AI (com.review.tool.code)
  • AI Coder Assistant (org.code.assist.dev.tool)
  • DeepSeek Code Review (com.coder.ai.dpt)
  • CodeGPT AI Assistant (com.my.code.tools)
  • DeepSeek AI Assist (ord.cp.code.ai.kit)
  • Coding Simple Tool (com.dp.git.ai.tool)

Protecting Developer Environments

This campaign underscores the escalating threat to developer environments, which are increasingly targeted due to their rich repositories of sensitive data, including source code, cloud credentials, signing keys, and valuable AI API keys. These can be resold for “LLMjacking” schemes. Aikido Security advises, “Treat a plugin the same way you would treat any dependency that runs with your privileges, and be cautious about pasting long-lived secrets into tools you have not vetted.”
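
To check a workstation against the plugin IDs listed above, the following added example (not code from Aikido Security or from this article's source) scans a JetBrains plugins directory and reports any plugin whose descriptor `<id>` matches. The plugins directory is supplied by the caller, and the example assumes each plugin's descriptor is at `META-INF/plugin.xml`, either inside a jar or unpacked on disk.

```python
import sys
import zipfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Plugin IDs exactly as they appear in the article's list.
FLAGGED_IDS = {
    "org.sm.yms.toolkit", "com.json.simple.kit", "org.bug.find.tools",
    "org.translate.ai.simple", "com.yy.test.ai.simple", "com.dev.ai.toolkit",
    "com.json.view.simple", "com.my.git.ai.kit", "org.check.ai.ds",
    "com.review.tool.code", "org.code.assist.dev.tool", "com.coder.ai.dpt",
    "com.my.code.tools", "ord.cp.code.ai.kit", "com.dp.git.ai.tool",
}

def plugin_id_from_xml(data):
    """Return the top-level <id> text of a plugin.xml descriptor, or None."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return None
    node = root.find("id")
    return node.text.strip() if node is not None and node.text else None

def plugin_id_from_jar(jar_path):
    """Read META-INF/plugin.xml from a jar; None if absent or unreadable."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            return plugin_id_from_xml(jar.read("META-INF/plugin.xml"))
    except (KeyError, zipfile.BadZipFile, OSError):
        return None

def scan_plugins_dir(plugins_dir):
    """Return sorted (plugin_id, path) pairs for flagged plugins under plugins_dir."""
    hits = set()
    root = Path(plugins_dir)
    for jar in root.rglob("*.jar"):  # assumed layout: descriptor packed in a jar
        pid = plugin_id_from_jar(jar)
        if pid in FLAGGED_IDS:
            hits.add((pid, str(jar)))
    for desc in root.rglob("META-INF/plugin.xml"):  # unpacked descriptors
        pid = plugin_id_from_xml(desc.read_bytes())
        if pid in FLAGGED_IDS:
            hits.add((pid, str(desc)))
    return sorted(hits)

if __name__ == "__main__":
    for pid, path in scan_plugins_dir(sys.argv[1]):
        print(f"FLAGGED {pid}  {path}")
```

A match means any AI provider API key entered into that plugin should be treated as exposed and rotated at the provider.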

Browser Betrayal: Chrome Extensions Eavesdrop on AI Chats

In a parallel and equally concerning development, two popular Google Chrome ad blocker extensions have been caught in the act of capturing users’ private conversations with leading AI chatbots, including OpenAI ChatGPT, Anthropic Claude, Google Gemini, Microsoft Copilot, Perplexity, DeepSeek, xAI Grok, and Meta AI.

PromptSnatcher: A Covert Data Harvest

Dubbed “PromptSnatcher” by researcher Jean-Marie R., this data collection operation involves extensions that, despite being presented as ad blockers, ship a custom-built interception engine. This engine “records non-public conversations, model usage, and account-tier metadata from every major AI platform,” according to the researcher. The extensions, “Smart Adblocker” (with 90,000 users, published October 2022) and “Adblock for Browser” (10,000 users, published August 2023), cleverly use legitimate public filter lists as a functional cover, providing genuine ad-blocking utility while secretly running an undisclosed telemetry channel.

The Rise of Prompt Poaching

The longevity of these extensions suggests that the AI-related data capture capabilities were introduced through software updates. This tactic is part of a broader attack technique known as “Prompt Poaching,” where browser extensions, both legitimate and malicious, are increasingly adopting methods to stealthily capture AI chats. What’s unclear is whether these practices violate Google’s policies for browser extensions.

Fortifying Your Digital Defenses in the AI Age

These incidents serve as a stark reminder of the evolving threat landscape in the age of AI. Both developers and everyday users must exercise heightened vigilance. Always scrutinize the permissions requested by plugins and extensions, and be extremely cautious about inputting sensitive information, such as API keys, into any third-party tool without thorough vetting. Regular security audits and staying informed about the latest cyber threats are paramount to safeguarding your digital assets and privacy.

