OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Summary

A supply chain attack has been discovered targeting developers using OpenAI Codex. The malicious package, codexui-android, disguised as a legitimate remote web UI for Codex, was downloaded over 29,000 times weekly from npm.

IFF Assessment

FOE

The attack successfully compromised developer tools and stole sensitive authentication tokens, which is detrimental to defenders.

Defender Context

This incident highlights the persistent threat of supply chain attacks, where legitimate-looking packages can be weaponized to steal credentials. Defenders should exercise extreme caution when integrating third-party libraries, especially those related to AI development tools, and implement robust dependency scanning and vetting processes.
