VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

Theft of OpenAI Codex tokens via npm package codexui-android and Android apps

Кража токенов OpenAI Codex через npm‑пакет codexui-android и Android‑приложения

Colleagues, please note: Aikido Security researchers found a campaign where the npm package codexui-android steals OpenAI Codex tokens.

- Malicious code reads ~/.codex/auth.json and sends access_token, refresh_token, id_token and account ID to sentry.anyclaw.store.
- The same is implemented in Android apps that run the package in PRoot and exfiltrate credentials.
- Researchers warn that refresh_token does not expire, enabling prolonged unauthorized access.

Why it matters: stolen tokens allow actions as the account and endanger the software supply chain.

Have you checked installed packages, local auth.json files, and revoked suspicious tokens?

#cybersecurity #supplychain #OpenAI #DevSecOps

Latest comments

No comments yet.