JetBrains Marketplace Supply Chain Attack: 15 Malicious AI Plugins & API Key Exfiltration (opens in new tab)

Originally published on satyamrastogi.com Security researchers identified 15 malicious JetBrains plugins masquerading as DeepSeek AI assistants. Attack chain harvests API keys, exfiltrates LLM chat sessions, and establishes persistence in development environments. Supply chain pivot to downstream applications. JetBrains Marketplace Supply Chain Attack: 15 Malicious AI Plugins & API Key Exfiltration Executive Summary A coordinated malware campaign has compromised the JetBrains Marketplace with...