Supply Chain Attack Steals OpenAI Codex Authentication Tokens via Malicious npm Package codexui‑android
What Happened – Researchers uncovered a malicious npm package, codexui‑android, marketed as a remote web UI for OpenAI Codex. The package, hosted on GitHub and npm, has been downloaded > 29 k times per week and silently harvests OpenAI authentication tokens from developers’ environments. The package remains publicly available.
Why It Matters for TPRM –
- Credential theft from a third‑party library can give attackers unlimited API usage, leading to cost overruns and data exposure.
- Supply‑chain compromises bypass traditional perimeter defenses, exposing all downstream customers of the compromised component.
- The incident highlights the need for rigorous vetting of open‑source dependencies in AI‑enabled development pipelines.
Who Is Affected – SaaS developers, AI‑tooling vendors, and any organization that integrates OpenAI Codex via npm packages; broadly impacts the TECH_SAAS sector and API_PROVIDER ecosystem.
Recommended Actions –
- Immediately audit all projects for the presence of codexui‑android or similar unauthenticated npm modules.
- Rotate any OpenAI Codex API keys that may have been exposed and enforce short‑lived token policies.
- Strengthen dependency‑management controls (SBOMs, signed packages, automated scanning).
- Review third‑party risk policies to include open‑source supply‑chain monitoring.
Technical Notes – The malicious module injects code that reads the OPENAI_API_KEY environment variable and forwards it to a command‑and‑control server. No CVE is associated; the attack leverages a third‑party dependency vector. Stolen tokens can be used to generate content, extract proprietary prompts, or incur massive billing charges. Source: The Hacker News