Executive Summary
In May 2026, a malicious supply chain attack targeted developers using OpenAI Codex through a seemingly legitimate npm package named 'codexui-android'. This package, advertised as a remote web UI for OpenAI Codex, amassed over 29,000 weekly downloads. Approximately a month after its initial release, the package began exfiltrating users' Codex authentication tokens to an attacker-controlled server, granting unauthorized access to developers' accounts. The malicious code was embedded into a functional npm package that had undergone active development, making it particularly insidious. The associated GitHub repository remained clean, further complicating detection. (thehackernews.com)
This incident underscores the growing sophistication of supply chain attacks, where threat actors leverage trusted development tools to infiltrate systems. The use of a functional and actively developed package to distribute malicious code highlights the need for heightened vigilance in the software development community. Developers are urged to scrutinize third-party packages, even those with established reputations, to mitigate the risk of credential theft and unauthorized access.
Why This Matters Now
The 'codexui-android' incident highlights the increasing sophistication of supply chain attacks targeting trusted development tools. Developers must exercise heightened vigilance when integrating third-party packages to prevent unauthorized access and credential theft.
Attack Path Analysis
Attackers introduced malicious code into the 'codexui-android' npm package, which, upon installation, exfiltrated OpenAI Codex authentication tokens to an attacker-controlled server. This allowed the attackers to impersonate users indefinitely, potentially accessing sensitive data and services. The attack was facilitated by the package's active development and legitimate appearance, leading to widespread adoption among developers.
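As an added example (not code from the original report or from any vendor tool), the following Node.js check searches an npm lockfile for 'codexui-android' anywhere in the dependency tree, including transitive installs, in both the nested v1 layout and the flat v2/v3 layout. The report does not state which versions were affected, so every version is flagged; the sample lockfiles, 'some-dev-tool', 'codexui-android-helper' and the version strings are constructed for illustration.

```javascript
// Added example: locate a named package in an npm lockfile (samples are constructed).
const FLAGGED = 'codexui-android'; // package name taken from the report

// Lockfile v2/v3: flat "packages" map keyed by install path.
function scanPackagesMap(packages, name) {
  const hits = [];
  for (const [path, meta] of Object.entries(packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1) continue; // "" is the root project entry
    // Compare the final path segment exactly, so look-alike names do not match.
    if (path.slice(idx + 'node_modules/'.length) === name) {
      hits.push({ path, version: meta.version || 'unknown' });
    }
  }
  return hits;
}

// Lockfile v1: nested "dependencies" objects, walked recursively.
function scanDependencyTree(deps, name, prefix = '') {
  const hits = [];
  for (const [dep, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${dep}`;
    if (dep === name) hits.push({ path, version: meta.version || 'unknown' });
    hits.push(...scanDependencyTree(meta.dependencies, name, `${path}/`));
  }
  return hits;
}

// v2 lockfiles carry both sections; prefer "packages" to avoid duplicate hits.
function findPackage(lock, name = FLAGGED) {
  if (lock.packages) return scanPackagesMap(lock.packages, name);
  return scanDependencyTree(lock.dependencies, name);
}

// Constructed samples: the package arrives transitively via "some-dev-tool".
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/some-dev-tool': { version: '2.1.0' },
    'node_modules/some-dev-tool/node_modules/codexui-android': { version: '0.0.0-example' },
    'node_modules/codexui-android-helper': { version: '1.0.0' },
  },
};
const sampleV1 = { lockfileVersion: 1, dependencies: {
  'some-dev-tool': { version: '2.1.0', dependencies: { 'codexui-android': { version: '0.0.0-example' } } },
} };

console.log(findPackage(sampleV3), findPackage(sampleV1));
```

A hit means the package code ran with the developer's privileges on that machine, so the Codex tokens listed under "Impact at a Glance" should be treated as exposed and reissued.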
Kill Chain Progression
Initial Compromise
Description
Attackers embedded malicious code into the 'codexui-android' npm package, which was widely downloaded by developers seeking a remote web UI for OpenAI Codex.
MITRE ATT&CK® Techniques
Compromise Software Supply Chain
Compromise Software Dependencies and Development Tools
Valid Accounts
Credentials in Files
Exfiltration Over Web Service
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Ensure the integrity of software and scripts
Control ID: 6.3.2
NYDFS 23 NYCRR 500 – Encryption of Nonpublic Information
Control ID: 500.15
DORA – ICT Risk Management Framework
Control ID: Article 6
CISA ZTMM 2.0 – Data Security
Control ID: Pillar 3
NIS2 Directive – Supply Chain Security
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
Direct exposure to npm supply chain attacks targeting developer tools; compromised authentication tokens threaten source code repositories and development infrastructure security.
Information Technology/IT
High risk from malicious packages in software supply chains; stolen OpenAI tokens could compromise AI-integrated systems and automated development workflows.
Financial Services
Supply chain compromises threaten fintech applications using AI coding tools; stolen authentication credentials could expose sensitive financial data and trading algorithms.
Health Care / Life Sciences
AI-powered healthcare applications vulnerable to supply chain attacks; compromised development tools risk HIPAA compliance violations and patient data exposure.
Sources
- OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack: https://thehackernews.com/2026/06/openai-codex-authentication-tokens.html
- OpenAI credential-stealing malware found hidden inside popular Codex tool: https://cybernews.com/security/openai-codex-tool-malware-token-theft/
- Malicious npm Package Steals OpenAI Codex Tokens: https://vibeaudits.com/blog/malicious-npm-package-steals-openai-codex-tokens-
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have constrained the attacker's ability to exfiltrate authentication tokens and move laterally within the network, thereby reducing the potential blast radius.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The CNSF may have limited the reach of the malicious code by enforcing strict workload-to-workload communication policies, potentially preventing unauthorized code execution.
Control: Zero Trust Segmentation
Mitigation: Zero Trust Segmentation would likely have constrained the attacker's ability to access sensitive tokens by enforcing strict identity-based access controls.
Control: East-West Traffic Security
Mitigation: East-West Traffic Security may have restricted the attacker's ability to move laterally by enforcing workload isolation and monitoring internal traffic.
Control: Multicloud Visibility & Control
Mitigation: Multicloud Visibility & Control would likely have identified and constrained unauthorized outbound communications to attacker-controlled servers.
Control: Egress Security & Policy Enforcement
Mitigation: Egress Security & Policy Enforcement may have limited the exfiltration of sensitive data by enforcing strict outbound traffic policies.
The implementation of Aviatrix Zero Trust CNSF would likely have reduced the overall impact by limiting the attacker's ability to access and exploit sensitive data and services.
Impact at a Glance
Affected Business Functions
- Software Development
- API Integration
Estimated downtime: N/A
Estimated loss: N/A
OpenAI Codex authentication tokens, including access_token, refresh_token, id_token, and account ID.
Recommended Actions
Key Takeaways & Next Steps
- Implement Zero Trust Segmentation to restrict access between workloads and prevent unauthorized lateral movement.
- Enforce Egress Security & Policy Enforcement to monitor and control outbound traffic, preventing unauthorized data exfiltration.
- Utilize Threat Detection & Anomaly Response to identify and respond to unusual activities indicative of credential theft or misuse.
- Apply Inline IPS (Suricata) to detect and block malicious payloads within network traffic.
- Ensure Multicloud Visibility & Control to maintain comprehensive oversight of all cloud environments and detect anomalous interactions.



