Executive Summary
In June 2026, Aikido Security uncovered a coordinated malware campaign involving at least 15 malicious plugins on the JetBrains Marketplace. These plugins, masquerading as AI coding assistants and Git utilities, were designed to steal AI API keys from developers. Upon users entering their API keys and clicking 'Apply,' the credentials were transmitted to a hardcoded server controlled by the attackers. The plugins, published under seven vendor accounts since October 2025, amassed nearly 70,000 installations. Notably, some plugins offered a paid tier, potentially redistributing stolen API keys to paying users.
This incident underscores the escalating threat of supply chain attacks targeting developer ecosystems. As AI-powered tools become integral to software development, malicious actors are increasingly exploiting trusted platforms to distribute credential-stealing malware, highlighting the need for enhanced vigilance and security measures within developer communities.
Why This Matters Now
The proliferation of AI-driven development tools has expanded the attack surface for supply chain compromises. This incident highlights the urgent need for developers and organizations to scrutinize third-party plugins and implement robust security practices to safeguard sensitive credentials and maintain the integrity of development environments.
Attack Path Analysis
Attackers published plugins on the JetBrains Marketplace that presented a settings panel asking for an AI API key; when a developer entered a key and clicked 'Apply', the plugin sent it to a server hard-coded in the plugin, with no indication to the user. Whoever holds a stolen key can call the AI provider's API as that developer, billed to the developer's or employer's account, and for the plugins that sold a paid tier the keys were potentially resold to paying users. Anything the same key can retrieve on the provider side (uploaded files, stored conversations) is exposed along with it.
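Because the reported plugins talked to a server hard-coded in the plugin itself, the quickest triage of a plugin you already have installed is to pull the URL literals out of its JARs and compare them with the hosts the plugin has any business contacting. The Python below is an added example written for this page, not code from Aikido Security, JetBrains or the cited articles; the allowlist, the sample plugin it builds and the collector hostname inside that sample are assumptions made for the demo, not indicators from the incident.

```python
"""Static triage of JetBrains plugin archives for hard-coded network endpoints.

Added example; not code from Aikido Security, JetBrains or the cited articles.
A Marketplace plugin is a ZIP containing <plugin>/lib/*.jar; an installed
plugin sits in the IDE's plugins directory with the same lib/ layout. URL
literals live in the constant pool of the compiled classes, so a byte scan of
each JAR entry recovers them without decompiling. The sample plugin built
below is constructed for the demo and its collector hostname is hypothetical.
"""
import io
import re
import tempfile
import zipfile
from pathlib import Path

# Assumption: the endpoints your developers' AI tooling is actually allowed to use.
ALLOWED_HOSTS = {
    "api.openai.com",
    "api.anthropic.com",
    "generativelanguage.googleapis.com",
    "plugins.jetbrains.com",
}

# Scheme, host (captured), optional port and path; the path stops at the NUL
# that terminates a constant-pool string or at any other non-printable byte.
URL_RE = re.compile(rb"https?://([A-Za-z0-9.-]+\.[A-Za-z]{2,})(?::\d+)?(?:/[\x21-\x7e]*)?")
SCANNED_SUFFIXES = (".class", ".properties", ".xml", ".json", ".js", ".kt", ".kts")


def hosts_in_jar(jar_bytes: bytes) -> set[str]:
    """Return every hostname that appears as a URL literal inside a JAR."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if name.endswith(SCANNED_SUFFIXES):
                for m in URL_RE.finditer(jar.read(name)):
                    found.add(m.group(1).decode("ascii").lower())
    return found


def unexpected_hosts(jars: dict[str, bytes]) -> dict[str, list[str]]:
    """Map each non-allowlisted host to the JARs (by name) that reference it."""
    report: dict[str, list[str]] = {}
    for jar_name, data in jars.items():
        for host in sorted(hosts_in_jar(data)):
            if host not in ALLOWED_HOSTS:
                report.setdefault(host, []).append(jar_name)
    return report


def triage_plugin_zip(plugin_zip: bytes) -> dict[str, list[str]]:
    """Triage a plugin archive as downloaded from the Marketplace."""
    with zipfile.ZipFile(io.BytesIO(plugin_zip)) as outer:
        jars = {n: outer.read(n) for n in outer.namelist() if n.endswith(".jar")}
    return unexpected_hosts(jars)


def triage_plugins_dir(plugins_dir: Path) -> dict[str, dict[str, list[str]]]:
    """Walk an IDE plugins directory (one folder per plugin, JARs under lib/) and
    return {plugin_folder: {host: [jar, ...]}} for plugins that reference hosts
    outside the allowlist."""
    report = {}
    for plugin in sorted(p for p in plugins_dir.iterdir() if p.is_dir()):
        jars = {j.name: j.read_bytes() for j in sorted((plugin / "lib").glob("*.jar"))}
        hits = unexpected_hosts(jars)
        if hits:
            report[plugin.name] = hits
    return report


def build_sample_jar(with_collector: bool = True) -> bytes:
    """Constructed sample JAR: one fake class whose constant pool holds the
    legitimate provider URL and, optionally, a hypothetical collector URL that
    stands in for the hard-coded exfiltration server described in the report."""
    strings = [b"https://api.openai.com/v1/chat/completions"]
    if with_collector:
        strings.append(b"https://keys-collector.example/submit")  # hypothetical host
    fake_class = b"\xca\xfe\xba\xbe\x00\x00\x00\x34" + b"\x00".join(strings) + b"\x00"
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as z:
        z.writestr("com/example/assistant/SettingsPanel.class", fake_class)
    return jar.getvalue()


def build_sample_plugin(with_collector: bool = True) -> bytes:
    """Constructed sample plugin ZIP in the Marketplace layout."""
    plugin = io.BytesIO()
    with zipfile.ZipFile(plugin, "w") as z:
        z.writestr("ai-assistant/lib/ai-assistant.jar", build_sample_jar(with_collector))
    return plugin.getvalue()


if __name__ == "__main__":
    print("archive triage:", triage_plugin_zip(build_sample_plugin()))
    # The same plugin unpacked the way the IDE installs it, in a scratch directory.
    with tempfile.TemporaryDirectory() as tmp:
        with zipfile.ZipFile(io.BytesIO(build_sample_plugin())) as z:
            z.extractall(tmp)
        print("installed-dir triage:", triage_plugins_dir(Path(tmp)))
```

A hit is a lead, not a verdict: legitimate plugins reference update servers, documentation sites and telemetry hosts, so the point is to make every host the plugin can reach explicit and then decide which ones a key-handling settings panel should ever contact. Point `triage_plugins_dir` at the IDE's plugins directory (the exact path depends on the IDE, version and OS) to cover everything a developer has installed.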
Kill Chain Progression
Initial Compromise
Description
Attackers uploaded malicious plugins to the JetBrains Marketplace, which developers unknowingly installed.
MITRE ATT&CK® Techniques
- T1195.002 Supply Chain Compromise: Compromise Software Supply Chain
- T1552.001 Unsecured Credentials: Credentials in Files
- T1071.001 Application Layer Protocol: Web Protocols
- T1041 Exfiltration Over C2 Channel
- T1203 Exploitation for Client Execution
- T1059.001 Command and Scripting Interpreter: PowerShell
- T1070.004 Indicator Removal: File Deletion
- T1562.001 Impair Defenses: Disable or Modify Tools
Only the first four correspond to behaviour this page describes: a malicious plugin delivered through a trusted marketplace, and a user-supplied API key sent over HTTP(S) to a server hard-coded in the plugin. Client-side exploitation, PowerShell execution, file deletion and tampering with defensive tools are not described anywhere on this page, so treat those entries as unconfirmed unless the underlying report documents them.
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Security of Software and Systems
Control ID: 6.3.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 5
CISA ZTMM 2.0 – Supply Chain Risk Management
Control ID: 3.1
NIS2 Directive – Security of Network and Information Systems
Control ID: Article 21
Sector Implications
Industry-specific impact of the incident, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
Supply-chain attacks delivered through JetBrains IDE plugins compromise the development environment directly: the stolen AI API keys hand the attacker, and through the paid tiers potentially third parties, use of the victims' AI accounts, and any other secret a developer pastes into a plugin's settings is only as safe as that plugin's own code.
Information Technology/IT
Malicious marketplace plugins are a supply-chain exposure for every IT development workflow that allows unreviewed plugin installs; the practical controls are an egress allowlist for developer workstations and zero trust segmentation so that a compromised developer host does not reach build or production systems.
Financial Services
Stolen AI API keys from development teams bring PCI DSS exposure under the third-party software component requirements (6.3.2) and can expose whatever source code or data developers submitted to AI services, wherever the provider retains it and the same key can retrieve it.
Health Care / Life Sciences
Compromised developer credentials threaten HIPAA compliance in healthcare software development wherever protected health information has been sent to AI services; outbound traffic from systems handling PHI needs monitoring by destination (the payload is TLS-encrypted) alongside enhanced threat detection.
Sources
- Malicious JetBrains Marketplace plugins steal AI API keys from developers (BleepingComputer): https://www.bleepingcomputer.com/news/security/malicious-jetbrains-marketplace-plugins-steal-ai-api-keys-from-developers/
- Understanding plugin security (JetBrains Marketplace documentation): https://plugins.jetbrains.com/docs/marketplace/understanding-plugin-security.html
- Log4j Vulnerability and Third-party Plugins on JetBrains Marketplace (JetBrains blog): https://blog.jetbrains.com/platform/2021/12/log4j-vulnerability-and-third-party-plugins-on-jetbrains-marketplace/
Cloud Native Security Fabric Mitigations and Controls (CNSF)
Aviatrix Zero Trust CNSF is pertinent to this incident because the attack depends on a single outbound connection: the plugin has to reach its hard-coded collection server from the developer's machine. Strict segmentation and identity-based egress policy deny that connection and limit what a stolen key could be used for from inside the environment.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: A plugin that a developer installs from the Marketplace is outside the fabric's reach, so the initial compromise is not prevented; what the fabric constrains is every connection the plugin makes afterwards, including the one that would carry the key out.
Control: Zero Trust Segmentation
Mitigation: Developer environments are isolated from build, secrets-management and production segments, so a compromised workstation or a leaked key does not become a path into those systems.
Control: East-West Traffic Security
Mitigation: Lateral movement from a compromised developer host to other internal hosts is constrained, reducing the risk that one stolen credential is parlayed into broader access to internal AI services and data.
Control: Multicloud Visibility & Control
Mitigation: Outbound flows from developer segments are visible in one place, so a new destination contacted by many workstations within a short window, the signature of a plugin-wide collection server, can be spotted and blocked.
Control: Egress Security & Policy Enforcement
Mitigation: Outbound traffic from developer workstations is allowed only to approved destinations (the AI providers' API hosts, the Marketplace, source control). The exfiltration channel is likely TLS-encrypted, so enforcement works on destination host and identity rather than on payload inspection; a hard-coded collector host that is not on the allowlist is simply unreachable.
Taken together these controls limit the blast radius of a stolen key, reducing the risk of widespread data manipulation or service disruption.
Impact at a Glance
Affected Business Functions
- Software Development
- AI Model Integration
- Code Review Processes
Estimated downtime: N/A
Estimated loss: N/A
Exposed data: AI API keys of developers using the affected JetBrains Marketplace plugins.
Recommended Actions
Key Takeaways & Next Steps
- Remove the plugins named in the BleepingComputer report (under Sources) from every IDE installation, then revoke and reissue any AI API key that was ever entered into one of them, and check the provider's usage and billing dashboards for calls you did not make.
- Inventory installed JetBrains plugins across developer machines, by vendor account as well as by plugin name, and restrict installs to a reviewed allowlist.
- Implement 'Cloud Native Security Fabric (CNSF)' to enforce real-time inspection and policy enforcement, preventing unauthorized data exfiltration.
- Utilize 'Egress Security & Policy Enforcement' to allowlist outbound traffic from developer workstations to the AI providers' API hosts and other approved destinations, so that a hard-coded collection server is unreachable.
- Deploy 'Inline IPS (Suricata)' to alert on and block connections to known collector hosts; because the traffic is TLS-encrypted, match on DNS queries and TLS SNI rather than on payload content.
- Apply 'Zero Trust Segmentation' to keep developer workstations away from build, secrets and production segments, so a compromised IDE reaches no more than the developer's own account.
- Enhance 'Multicloud Visibility & Control' to detect a new external destination being contacted by many developer workstations at once, the pattern of a plugin-wide exfiltration endpoint.
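The egress-side check behind the last few items is simple enough to run over proxy logs directly: POSTs from the developer subnet to a host that is neither an AI provider endpoint nor an approved corporate destination, grouped by host and ranked by how many distinct workstations reached it. The Python below is an added example written for this page, not code from the cited sources or from any vendor product. It assumes an egress proxy that writes one JSON object per request with the fields shown (a constructed format; real proxies differ, so adapt the field names); the allowlists, the developer subnet and every sample log line are invented for the demo, and the collector hostname is hypothetical rather than an indicator from the incident.

```python
"""Egress-log check for API keys leaving developer workstations to hosts that
are not the AI provider endpoints.

Added example; not code from the cited sources or from any vendor product.
Assumes an egress proxy that logs one JSON object per request with the fields
used below (a constructed format). The allowlists, the developer subnet and all
sample lines are invented for the demo; the collector hostname is hypothetical.
"""
import json
from collections import defaultdict

AI_PROVIDER_HOSTS = {"api.openai.com", "api.anthropic.com", "generativelanguage.googleapis.com"}
OTHER_APPROVED_HOSTS = {"plugins.jetbrains.com", "github.com"}
DEV_SUBNET_PREFIX = "10.20."   # assumption: developer workstations live here

# Constructed sample: three developers, two of whom run a plugin that POSTs the
# key to an unrelated host seconds after the legitimate provider call. The final
# line comes from outside the developer subnet and is ignored by the filter.
SAMPLE_LOG = """\
{"ts":"2026-06-02T09:14:02Z","src":"10.20.4.17","method":"POST","host":"api.openai.com","path":"/v1/chat/completions","bytes_out":1820}
{"ts":"2026-06-02T09:14:05Z","src":"10.20.4.17","method":"POST","host":"keys-collector.example","path":"/submit","bytes_out":212}
{"ts":"2026-06-02T09:15:40Z","src":"10.20.4.31","method":"GET","host":"plugins.jetbrains.com","path":"/api/plugins","bytes_out":0}
{"ts":"2026-06-02T09:16:11Z","src":"10.20.4.31","method":"POST","host":"api.anthropic.com","path":"/v1/messages","bytes_out":2410}
{"ts":"2026-06-02T09:18:55Z","src":"10.20.4.52","method":"POST","host":"keys-collector.example","path":"/submit","bytes_out":208}
{"ts":"2026-06-02T09:20:03Z","src":"10.20.4.52","method":"POST","host":"github.com","path":"/login/device/code","bytes_out":96}
{"ts":"2026-06-02T09:21:30Z","src":"10.30.1.9","method":"POST","host":"keys-collector.example","path":"/submit","bytes_out":210}
"""


def unapproved_posts(log_text: str) -> dict[str, dict]:
    """Group POSTs from the developer subnet to non-allowlisted hosts by host.
    Returns {host: {"sources": [workstations], "requests": n, "max_bytes": m}}."""
    hits = defaultdict(lambda: {"sources": set(), "requests": 0, "max_bytes": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec["method"] != "POST" or not rec["src"].startswith(DEV_SUBNET_PREFIX):
            continue
        if rec["host"] in AI_PROVIDER_HOSTS or rec["host"] in OTHER_APPROVED_HOSTS:
            continue
        h = hits[rec["host"]]
        h["sources"].add(rec["src"])
        h["requests"] += 1
        h["max_bytes"] = max(h["max_bytes"], rec["bytes_out"])
    return {host: {**v, "sources": sorted(v["sources"])} for host, v in hits.items()}


def likely_exfil_endpoints(hits: dict[str, dict], min_sources: int = 2,
                           max_bytes: int = 4096) -> list[str]:
    """A host that receives small POSTs from several unrelated workstations has
    the shape of a plugin-wide collection server rather than one developer's
    personal tool; rank such hosts by how many workstations reached them."""
    candidates = [h for h, v in hits.items()
                  if len(v["sources"]) >= min_sources and v["max_bytes"] <= max_bytes]
    return sorted(candidates, key=lambda h: (-len(hits[h]["sources"]), h))


if __name__ == "__main__":
    hits = unapproved_posts(SAMPLE_LOG)
    for host in likely_exfil_endpoints(hits):
        print(f"{host}: {len(hits[host]['sources'])} workstations, "
              f"{hits[host]['requests']} requests, max {hits[host]['max_bytes']} bytes out")
```

Every host this surfaces is a candidate for the egress deny list and for a DNS/SNI signature on the inline IPS; the allowlists are the part that needs maintaining, since a provider's API host that is missing from `AI_PROVIDER_HOSTS` shows up as a false positive the first time a developer uses it.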