Criminals snuck malicious code into JetBrains plugins and browser extensions to harvest API keys and chatbot conversations from developers.
Security researchers discovered a coordinated campaign where attackers planted malicious code inside popular JetBrains development plugins—the software tools that millions of programmers use every day. At the same time, fake browser extensions were circulating that recorded conversations users had with AI chatbots like ChatGPT and Claude.
Think of it like someone hiding inside a toolbox that workers trust. When developers opened these seemingly legitimate plugins to write code, the hidden malware quietly grabbed their API keys—digital passwords that grant access to paid AI services worth hundreds or thousands of dollars. The browser extensions worked similarly, secretly photographing every conversation users typed into their AI tools.
This isn't a case of hackers finding a hidden door in software or exploiting a technical flaw. Instead, they used the trust that developers place in popular tools. Attackers either created convincing fake versions of real plugins or compromised legitimate ones that already had millions of downloads.
Once thieves obtained these API keys, they could:
For companies that rely on AI tools for customer service, code generation, or content creation, this represents a serious financial and privacy disaster. Hackers essentially opened a tap to someone else's wallet while also copying their private conversations.
If you use JetBrains IDEs (like IntelliJ IDEA or PyCharm) for programming or interact with AI chatbots regularly, this matters to you directly. Developers are prime targets because they typically work with valuable credentials and have access to company systems.
Even if you're not a programmer, this reveals a dangerous pattern: criminals are increasingly targeting the tools we trust rather than attacking the tools themselves. It's easier to slip counterfeit money into a trusted store than it is to break into a bank vault.
The bigger picture: As AI becomes central to how businesses operate, the security of AI-related passwords and conversations grows more critical. A stolen API key isn't just a minor leak—it's a direct line to your company's expenses and data.
This incident is a reminder that security threats hide in unexpected places—and staying vigilant about what you install is as important as the passwords you choose.
Want to understand the technology behind this story? ITVedas has beginner-friendly guides on every IT topic.
Explore IT Chapters →