OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

2026-06-01

1 min read

by info@thehackernews.com (The Hacker News)

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

A supply chain attack exploited the legitimate codexui-android npm package to steal OpenAI Codex authentication tokens from developers.

•Malicious code was injected to exfiltrate credentials including access_token, refresh_token, and account ID to attacker-controlled server sentry.anyclaw[.]store
•The non-expiring refresh_token allowed attackers to maintain persistent access to compromised accounts indefinitely
•Multiple Android applications distributed the malicious npm package within PRoot sandboxes, affecting over 50,000 downloads collectively
•Similar credential revocation vulnerabilities were discovered in Google API keys (16-23 minute delay) and AWS access keys (4-second window)

This summary was automatically generated by AI based on the original article and may not be fully accurate.

Related Articles