Cybersecurity researchers have uncovered a coordinated malware campaign targeting software developers and artificial intelligence users through malicious JetBrains Marketplace plugins and browser extensions. The activity, identified by Aikido Security and independent security researchers, demonstrates how threat actors are increasingly focusing on developer ecosystems and AI platforms to obtain valuable credentials, access tokens, and sensitive user information. The campaign involves at least 15 malicious JetBrains plugins disguised as AI coding assistants and two Chrome browser extensions that secretly capture user interactions with leading AI chatbot platforms. Researchers believe the operation reflects a broader trend in which cybercriminal groups are exploiting growing adoption of AI technologies and developer tools to create new monetisation opportunities through credential theft and data collection.
According to Aikido Security, the malicious JetBrains plugins have been active since late October 2025, with new versions continuing to appear as recently as June 2026. The plugins present themselves as legitimate AI powered development assistants offering features such as code reviews, chat capabilities, bug detection, unit test generation, and automated commit message creation. Researchers noted that the plugins function as advertised, making them appear trustworthy to users. However, hidden functionality within the software allows the theft of API keys entered by developers for AI services such as OpenAI, DeepSeek, and SiliconFlow. The stolen credentials are reportedly transmitted through unencrypted HTTP requests to infrastructure controlled by the operators behind the campaign. Some of the malicious plugins, including CodeGPT AI Assistant and DeepSeek AI Assist, reportedly accumulated more than 25,000 downloads each, although researchers have not determined whether these figures accurately reflect genuine user adoption. Security analysts also identified an unusual payment mechanism within the plugins where users paying a fee were provided with alternative API keys. This behaviour has led researchers to suspect that stolen AI service credentials may be redistributed to other users as part of an illicit access sharing scheme, allowing attackers to profit while legitimate account holders bear the usage costs.
Security experts warn that the campaign highlights the growing risks associated with software supply chains and third party development tools. Modern developer environments often contain source code repositories, cloud access credentials, signing certificates, and AI service tokens, making them attractive targets for cybercriminal groups. Researchers noted that attackers increasingly view AI provider credentials as valuable assets because they can be sold, abused for large scale language model usage, or leveraged in activities commonly referred to as LLMjacking. The findings reinforce concerns about insufficient scrutiny of third party plugins and the need for organisations to carefully evaluate software extensions before deployment. Aikido Security advised users to treat development plugins with the same level of caution applied to software dependencies and to avoid sharing long lived credentials with tools that have not undergone proper security review.
At the same time, researchers identified a separate operation known as PromptSnatcher involving two Chrome extensions marketed as ad blocking tools. The extensions, Smart Adblocker and Adblock for Browser, were found collecting conversation data from major AI platforms including OpenAI ChatGPT, Anthropic Claude, Google Gemini, Microsoft Copilot, Perplexity, DeepSeek, xAI Grok, and Meta AI. Investigators discovered that while the extensions provide genuine ad blocking functionality through publicly available filter lists, they also include hidden telemetry capabilities designed to intercept user conversations, model usage details, and subscription information. The extensions have reportedly been available for several years, suggesting that the AI monitoring features were introduced through later software updates. Researchers classified the activity as a form of prompt poaching, a technique increasingly observed among browser extensions seeking to harvest AI generated content and user interactions without transparent disclosure. Security analysts noted that the extensions transmit collected information to operator controlled infrastructure and provide only vague consent language that does not clearly explain the extent of the monitoring activity. The discovery highlights growing concerns surrounding AI privacy, browser security, and the expanding attack surface created by third party applications operating within trusted software ecosystems.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
