OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Cybersecurity researchers have disclosed a malicious supply chain campaign targeting developers using OpenAI Codex through a legitimate-looking remote web UI. The campaign has been stealing Codex authentication tokens, including access tokens, refresh tokens, and account IDs, which can be used to silently impersonate users indefinitely.
The malicious npm package is codexui-android. With over 29,000 weekly downloads, it is a functional remote web UI for OpenAI Codex and is actively developed, which is what makes it convincing. Alongside that functionality, however, it contains code that reads Codex's ~/.codex/auth.json file and exfiltrates its contents to a remote server. The captured data includes access tokens, refresh tokens, ID tokens, and account IDs. Because the refresh token does not expire, an attacker holding it can silently impersonate the user indefinitely. Uninstalling the package does not help with credentials that have already been exfiltrated: tokens already sent off-host stay valid until they are invalidated on the account side.

The npm account behind the package is 'friuns' (aka Igor Levochkin). The same exfiltration chain has also been flagged in two Android apps linked to BrutalStrike, with over 60,000 downloads combined. Those apps run the npm package inside their PRoot sandbox and send the harvested Codex credentials to the same endpoint.

OpenAI warns that ~/.codex/auth.json contains access tokens and should be treated like a password: do not commit it, paste it into tickets, or share it in chat.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.