Updated
Updated · InfoWorld · Jun 2
Malicious npm Package Stole OpenAI Codex Tokens via 27,000-Download App
Updated
Updated · InfoWorld · Jun 2

Malicious npm Package Stole OpenAI Codex Tokens via 27,000-Download App

3 articles · Updated · InfoWorld · Jun 2
  • Aikido said the npm package codexui-android exfiltrated OpenAI Codex access, refresh and ID tokens plus account IDs, while presenting itself as a legitimate remote UI tool for developers.
  • The package drew about 27,000 weekly downloads because its public GitHub repository looked clean and useful, but the token-stealing code appeared only in the published npm artifact sent to users.
  • Researchers said a companion Android app worsened the risk by automatically pulling and executing the npm package at runtime, exposing a supply-chain gap in build and distribution pipelines rather than source code alone.
  • Refresh tokens were the biggest concern because they do not expire, giving attackers persistent access to whatever the compromised Codex account could reach.
  • IDC expects that by 2028, half of enterprises deploying agentic AI in Asia Pacific excluding Japan will require an AI bill of materials, underscoring pressure for tighter provenance checks and least-privilege controls.
Sources
InfoWorld4h ago
Malicious npm Package 'codexui-android' Steals OpenAI Codex Developer Tokens
develeap.com4h ago
OpenAI Codex Authentication Tokens Stolen in…
thecybersignal.com12h ago
codexui-android npm Package Is Stealing OpenAI Codex Tokens
7 Sources
AI tools are the new target for powerful data theft. Is your company prepared?
When public code is a lie, how can we secure the software supply chain?

Over 29,000 Developers Exposed: Inside the CodexUI-Android Supply-Chain Attack on AI Tooling

Overview

The codexui-android attack, discovered in late May 2026, is a major supply-chain threat that targeted AI developer tools by posing as a legitimate project. Threat actors put significant effort into building a credible developer persona and a trustworthy presence, making the project itself the main attack vector. This careful deception made the campaign very hard to detect and increased its danger for developers and organizations. By blending in with genuine tools, the attackers were able to steal sensitive tokens and compromise security, highlighting the growing risks in the AI development ecosystem.

...

Related Stories

Attackers Tainted 32 Red Hat npm Releases, Exposing Secrets Across 80,000 Weekly Downloads
2h ago
OpenAI Says Codex Tops 5 Million Weekly Users as Knowledge-Worker Adoption Grows 3x Faster
12h ago
OpenAI Makes Frontier Models, Codex Available on AWS for 5 Million Weekly Codex Users
1d ago
Sources7 total
InfoWorld4h ago
Malicious npm Package 'codexui-android' Steals OpenAI Codex Developer Tokens
develeap.com4h ago
OpenAI Codex Authentication Tokens Stolen in…
thecybersignal.com12h ago
codexui-android npm Package Is Stealing OpenAI Codex Tokens
Show all 7 sources

Related Stories

Attackers Tainted 32 Red Hat npm Releases, Exposing Secrets Across 80,000 Weekly Downloads
2h ago
OpenAI Says Codex Tops 5 Million Weekly Users as Knowledge-Worker Adoption Grows 3x Faster
12h ago
OpenAI Makes Frontier Models, Codex Available on AWS for 5 Million Weekly Codex Users
1d ago