Cybersecurity researchers have disclosed a supply chain attack targeting developers using OpenAI Codex. The malicious package, named 'codexui-android,' is advertised on GitHub and npm as a legitimate remote web UI for OpenAI Codex.

The package has attracted over 29,000 weekly downloads and remains available for download from the repository. Its primary goal is to steal OpenAI Codex authentication tokens from unsuspecting developers.

The attack exploits developers' trust in widely used package registries. The malicious code within the package intercepts authentication tokens during normal usage, potentially granting attackers persistent access to victims' Codex accounts and associated systems.

At this time, no official patch or removal action has been reported. Developers who have used this package should immediately revoke any API keys or tokens associated with their OpenAI Codex accounts and audit their systems for unauthorized access.
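One concrete way to carry out the audit step above is to check each project's `package.json` and `package-lock.json` for the package by name, including copies pulled in transitively through another dependency. The following is an added example, not code from the article or from any project it names; only the package name comes from the article, and the sample lockfile is constructed.

```python
import json
from pathlib import Path

# Package name taken from the article; all sample data below is constructed.
MALICIOUS_PACKAGE = "codexui-android"
MANIFEST_SECTIONS = ("dependencies", "devDependencies", "optionalDependencies")

def find_in_manifest(manifest: dict) -> list:
    """Sections of package.json that declare the package directly."""
    return [s for s in MANIFEST_SECTIONS if MALICIOUS_PACKAGE in manifest.get(s, {})]

def find_in_lockfile(lock: dict) -> list:
    """(install path, version) for every copy of the package in a
    package-lock.json, including copies pulled in transitively."""
    hits = []
    if "packages" in lock:
        # lockfileVersion 2/3: flat map keyed by install path
        for path, meta in lock["packages"].items():
            if path.rsplit("node_modules/", 1)[-1] == MALICIOUS_PACKAGE:
                hits.append((path, meta.get("version", "?")))
        return hits

    def walk(tree: dict, prefix: str) -> None:
        # lockfileVersion 1: nested dependency tree
        for name, meta in tree.items():
            path = f"{prefix}node_modules/{name}"
            if name == MALICIOUS_PACKAGE:
                hits.append((path, meta.get("version", "?")))
            walk(meta.get("dependencies", {}), path + "/")
    walk(lock.get("dependencies", {}), "")
    return hits

def scan_project(root: Path) -> dict:
    """Check a project directory's manifest and lockfile."""
    result = {"manifest": [], "lockfile": []}
    manifest, lock = root / "package.json", root / "package-lock.json"
    if manifest.is_file():
        result["manifest"] = find_in_manifest(json.loads(manifest.read_text()))
    if lock.is_file():
        result["lockfile"] = find_in_lockfile(json.loads(lock.read_text()))
    return result

# Constructed lockfile: the package arrives transitively, so it is
# absent from package.json and only a lockfile scan catches it.
SAMPLE_LOCK = {"lockfileVersion": 3, "packages": {
    "": {"name": "demo-app", "dependencies": {"some-ui-helper": "^1.0.0"}},
    "node_modules/some-ui-helper": {"version": "1.0.0", "dependencies": {"codexui-android": "*"}},
    "node_modules/some-ui-helper/node_modules/codexui-android": {"version": "0.0.0-constructed"}}}
```

Run `scan_project(Path("."))` from a project root; a hit in the lockfile but not the manifest means the package came in through another dependency, which is the case `SAMPLE_LOCK` demonstrates.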

This incident highlights the growing threat of supply chain attacks targeting AI developer tools, where malicious actors leverage the popularity and trust of open-source ecosystems to compromise high-value credentials.