OpenAI Codex Developers Targeted in Supply Chain Attack That Steals Authentication Tokens

A widely used Codex web interface package allegedly collected developer credentials for weeks, exposing the growing risks within AI development ecosystems.

Artificial intelligence tools are becoming a core part of modern software development. However, attackers are quickly adapting their methods to target these new environments.

Security researchers recently uncovered a supply chain attack involving a popular npm package called "codexui-android." The package was marketed as a remote web interface for OpenAI Codex and attracted thousands of developers.

Unlike traditional supply chain attacks, this campaign did not rely on a fake package. Instead, attackers allegedly inserted malicious functionality into a real project that appeared legitimate and actively maintained.

Malicious Code Hidden Inside a Trusted Package

Researchers found that recent versions of the package contained code designed to collect OpenAI Codex authentication credentials.

The malicious component searched for a local authentication file used by Codex. It then extracted sensitive information and transmitted it to an external server controlled by the attackers.

The stolen information reportedly included access tokens, refresh tokens, account identifiers, and other authentication details.

Because the package remained functional, many users had no reason to suspect malicious activity.

Why Stolen Tokens Are So Dangerous

The attack focused on authentication tokens rather than passwords.

Access tokens usually expire after a period of time. Refresh tokens are more valuable because they can be exchanged for new access tokens, which can provide long-term access to an account.

An attacker who obtains a refresh token may continue accessing services without triggering immediate suspicion.

As a result, compromised tokens can create long-lasting security risks for developers and organizations.

Attackers Waited to Build Trust

Researchers believe the malicious functionality was added several weeks after the package first appeared on npm.

This approach helps attackers avoid detection. Developers often trust packages that have been available for some time and have accumulated downloads.

By delaying the malicious update, threat actors can reach a larger number of victims before security researchers discover the attack.

This tactic has become increasingly common in software supply chain campaigns.

Android Applications Also Affected

The investigation revealed another important finding. The npm package was not the only delivery method.

Researchers identified Android applications that allegedly used the same credential theft mechanism.

These applications created isolated Linux environments on Android devices and executed the package inside them.

Once users signed in to Codex, the applications reportedly collected the authentication data and sent it to the same external server.

This allowed attackers to target both desktop and mobile users through a similar attack chain.

Growing Risks for AI Development Platforms

The incident highlights a broader trend in cybersecurity.

Threat actors are increasingly targeting AI platforms, developer tools, browser extensions, and software dependencies.

As organizations adopt AI technologies, these tools become attractive targets for credential theft and supply chain attacks.

Developers often grant AI assistants access to code repositories, cloud resources, and sensitive business data. Therefore, a compromised AI account can create serious security consequences.

What Security Teams Should Do Next

Organizations should review all AI-related development tools currently in use.

Security teams should also audit third-party dependencies and monitor for unauthorized package changes.
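One way to start that dependency audit is to search every project's lockfile for the package named in this report, including copies pulled in transitively. The script below is an added example, not code from the researchers or from the package; the sample lockfile, its version string and its registry URL are constructed placeholders, and `findPackage` is a hypothetical helper name.

```javascript
// Package name reported in the article.
const SUSPECT = "codexui-android";

// Returns [{ path, version, resolved }] for every install of `name`,
// including transitive copies nested under other packages.
function findPackage(lock, name) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const installed = meta.name || path.split("node_modules/").pop();
    if (path !== "" && installed === name) {
      hits.push({ path, version: meta.version, resolved: meta.resolved || null });
    }
  }
  if (hits.length > 0) return hits;
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${dep}`;
      if (dep === name) hits.push({ path, version: meta.version, resolved: meta.resolved || null });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (version and URL are placeholders, not real values).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-helper": { version: "2.1.0" },
    "node_modules/left-helper/node_modules/codexui-android": {
      version: "0.0.0-placeholder",
      resolved: "https://registry.example.invalid/codexui-android.tgz",
    },
  },
};

// Optional CLI use: node audit-lock.js path/to/package-lock.json
if (typeof require !== "undefined" && typeof module !== "undefined" &&
    require.main === module && process.argv[2]) {
  const lock = JSON.parse(require("fs").readFileSync(process.argv[2], "utf8"));
  const hits = findPackage(lock, SUSPECT);
  for (const h of hits) console.log(`${h.path}  ${h.version}  ${h.resolved}`);
  process.exitCode = hits.length ? 1 : 0;
}
```

A hit under a nested path means the package arrived as a dependency of another package rather than through a direct install.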

Token rotation policies can reduce the impact of stolen credentials. Additionally, organizations should monitor for unusual authentication activity and investigate unexpected account behavior.

Developers should treat authentication files with the same level of protection as passwords. They should never share these files or store them in public repositories.

A Warning for the AI Era

This incident serves as a warning for organizations embracing AI-powered development.

A package can appear legitimate, receive regular updates, and still become a threat.

As AI ecosystems continue to grow, security leaders must extend supply chain security practices to every tool developers use.

Protecting authentication tokens, monitoring dependencies, and securing AI workflows will become essential parts of modern cybersecurity programs.