Malicious JetBrains Marketplace Plugins Exfiltrate AI Provider API Keys and Chrome Extensions Capture Chatbot Conversations
What Happened — Researchers discovered at least 15 malicious plugins on the JetBrains Marketplace that masquerade as AI‑coding assistants (e.g., DeepSeek, other LLMs). Once installed, the plugins harvest AI service API keys and transmit them to command‑and‑control servers. A parallel campaign of Chrome extensions was found capturing user chats with AI chatbots and relaying the content to the same actors.
Why It Matters for Compliance & Audit Readiness
- This supply‑chain attack directly violates SOC 2 CC6.1 (System Operations) and CC7.1 (Risk Management) by introducing unvetted third‑party code that can exfiltrate credentials.
- Continuous vendor‑risk monitoring and evidence of due‑diligence are core to a defensible SOC 2 audit; the incident shows why automated marketplace scanning is essential.
- Demonstrates the need for documented controls around third‑party component approval, runtime integrity checks, and key‑management policies to prove “least‑privilege” and “secure configuration” during an audit.
Who Is Affected
- Software development firms, SaaS providers, and any organization that integrates AI coding assistants into their development pipelines (Tech / SaaS, FinTech, EdTech, etc.).
Recommended Actions
- Immediately inventory all JetBrains plugins and Chrome extensions in use; remove any not officially vetted.
- Enforce a formal third‑party component approval process aligned with SOC 2 vendor‑management controls; capture approval evidence in your compliance repository.
- Rotate any AI provider API keys that may have been exposed and implement secret‑management solutions with audit logging.
- Deploy runtime integrity monitoring to detect unauthorized code execution within IDEs and browsers.
Source: The Hacker News
Technical Notes
- Attack vector: malicious plugins published to a trusted marketplace (third‑party dependency) and Chrome extensions with hidden data‑exfiltration scripts.
- Exfiltrated data: AI service API keys (e.g., OpenAI, DeepSeek) and full transcript of chatbot interactions.
- No public CVE; the threat leverages social engineering and supply‑chain trust.
Source: The Hacker News