At least 15 malicious plugins capable of stealing artificial intelligence API keys have been discovered on the JetBrains Marketplace. The plugins masquerade as AI coding assistants, using large language models such as DeepSeek to offer services such as code review and bug finding. They are part of a coordinated malware campaign, and their presence on the marketplace poses a significant threat to developers who use them. The campaign can also capture chatbot chats using Chrome extensions, which exacerbates the issue by allowing attackers to intercept sensitive information. The involvement of state-aligned activity shifts the threat model, making this a geopolitical concern rather than just a criminal one. This matters to practitioners because it requires a different approach to security, one that takes into account the complexities of state-sponsored threats.