{"id":260946,"date":"2026-06-01T05:31:00","date_gmt":"2026-06-01T09:31:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/01\/openai-codex-authentication-tokens-stolen-in-codexui-android-npm-supply-chain-attack\/"},"modified":"2026-06-01T08:25:15","modified_gmt":"2026-06-01T12:25:15","slug":"openai-codex-authentication-tokens-stolen-in-codexui-android-npm-supply-chain-attack","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/01\/openai-codex-authentication-tokens-stolen-in-codexui-android-npm-supply-chain-attack\/","title":{"rendered":"OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/openai-codex-authentication-tokens.html\">OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/openai-codex-authentication-tokens.html\">https:\/\/thehackernews.com\/2026\/06\/openai-codex-authentication-tokens.html<\/a><\/p>\n<p>Publish Date: 2026-06-01 05:31:00<\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p>Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that&#8217;s targeting developers using OpenAI Codex through a legitimate-looking remote web UI.<\/p>\n<p>The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for OpenAI Codex, attracting over 29,000 weekly downloads. The package is still available for download from the repository.<\/p>\n<p>What makes this activity noteworthy is that it&#8217;s not a traditional attack that uses a typosquat or throwaway package to trick developers. Rather, the malicious code is embedded into a functional npm package that has undergone active development. 
The associated GitHub repository remains clean.<\/p>\n<p>&#8220;And for the past month, every single invocation has been quietly exfiltrating your Codex authentication tokens to an attacker-controlled server,&#8221; Aikido Security researcher Charlie Eriksen said.<\/p>\n<p>The nefarious changes are said to have been introduced about a month after the package was published to the registry, likely in an effort to build user trust and expand its reach. The npm account associated with the package is &#8220;friuns&#8221; (aka Igor Levochkin).<\/p>\n<p>Present within the package is code that extracts the contents of Codex&#8217;s &#8220;~\/.codex\/auth.json&#8221; file and exfiltrates them to a remote server (&#8220;sentry.anyclaw[.]store&#8221;) that masquerades as Sentry, a legitimate application monitoring and error tracking platform. The captured data includes the following details: access_token, refresh_token, id_token, and account ID.<\/p>\n<p>&#8220;The refresh_token doesn&#8217;t expire,&#8221; Eriksen said. &#8220;An attacker holding it can silently impersonate you indefinitely. 
A stolen Codex refresh_token goes beyond access to a chat interface &#8212; it&#8217;s persistent, silent access to whatever that account can do.&#8221;<\/p>\n<p>It&#8217;s worth mentioning here that every time a user logs in to the Codex app, CLI, or IDE Extension using either ChatGPT or an API key, the login details are cached locally in a plaintext file at ~\/.codex\/auth.json or in the operating&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/openai-codex-authentication-tokens.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack https:\/\/thehackernews.com\/2026\/06\/openai-codex-authentication-tokens.html Publish Date: 2026-06-01&#8230;<\/p>\n","protected":false},"author":1,"featured_media":260947,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEg4veBAmEJHF2nXN_nIgXeWxVSxlTDBc6uWiLwVCYNUqGMF9ZtPre3zF_CXmGnAxX2rbqfwgm_Au0tXvYwv1oTGim1STiGCeVOyMXglUTd-3LeJEN3q718Fdlck9mbQ6aUUYP0NM9S7bakZ4_XF5HHYH-cz2QmKBlge6xNMxbbEjDjZQ4wd1maPKnjgKrsu\/s1600\/codex.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-260946","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/260946"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=260946"}],"version-history":[{"count":1,"href":"https:\
/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/260946\/revisions"}],"predecessor-version":[{"id":260948,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/260946\/revisions\/260948"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/260947"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=260946"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=260946"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=260946"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}