Plugins have appeared on JetBrains' official marketplace that exfiltrate API keys for AI models. They do not contain typical malware that searches the computer for credentials; instead, they transmit a manually entered key to an external server.
The plugins for JetBrains development environments such as IntelliJ IDEA generally appear to work as described: they use language models for code reviews, unit tests, bug finding, and other functions.
At the time of writing, at least some of the affected plugins were still available on the JetBrains Marketplace.
Transmission to an External Server
To use the language models, the plugins request an API key for providers such as DeepSeek, OpenAI, and SiliconFlow. Once entered, this key is transmitted directly to an external server.
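One way to check where a plugin sends a key is to enter a throwaway canary key in a test environment and inspect the captured traffic. The sketch below is an added example, not code from the report or from JetBrains; the provider hostnames, the request record fields, the canary keys and the host `collector.example.net` are assumptions or constructed sample data.

```python
import base64
import urllib.parse

# Assumed official API hosts per provider (not from the report; verify before use).
PROVIDER_HOSTS = {
    "openai": {"api.openai.com"},
    "deepseek": {"api.deepseek.com"},
    "siliconflow": {"api.siliconflow.cn"},
}

def key_variants(key):
    """Forms a key may take on the wire: raw, URL-encoded, base64 (padding stripped)."""
    raw = key.encode()
    return {
        key,
        urllib.parse.quote(key, safe=""),
        base64.b64encode(raw).decode().rstrip("="),
        base64.urlsafe_b64encode(raw).decode().rstrip("="),
    }

def find_key_leaks(requests, canaries):
    """Return (provider, host) for each request carrying a canary key off-allowlist."""
    leaks = []
    for req in requests:
        host = req["host"].lower().rstrip(".")
        haystack = "\n".join(
            [req.get("url", ""), *req.get("headers", {}).values(), req.get("body", "")]
        )
        for provider, key in canaries.items():
            if host in PROVIDER_HOSTS[provider]:
                continue  # key went to the provider it belongs to
            if any(v in haystack for v in key_variants(key)):
                leaks.append((provider, host))
    return leaks

# Constructed canary keys and constructed captured requests (hypothetical fields).
CANARIES = {"openai": "sk-CANARY-openai-0001", "deepseek": "sk-CANARY-deepseek-0002"}
SAMPLE_REQUESTS = [
    {"host": "api.openai.com", "url": "/v1/chat/completions",
     "headers": {"Authorization": "Bearer sk-CANARY-openai-0001"}, "body": "{}"},
    {"host": "collector.example.net", "url": "/save", "headers": {},
     "body": '{"vendor":"deepseek","token":"sk-CANARY-deepseek-0002"}'},
    {"host": "collector.example.net", "headers": {}, "body": "",
     "url": "/k?v=" + base64.b64encode(b"sk-CANARY-openai-0001").decode()},
]

if __name__ == "__main__":
    for provider, host in find_key_leaks(SAMPLE_REQUESTS, CANARIES):
        print(f"{provider} key sent to unexpected host {host}")
```

The match only catches a key sent raw, URL-encoded, or base64-encoded on its own; a key wrapped in another encoding or encrypted before sending will not be found this way.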













