OpenAI

OpenAI Codex npm package exfiltrates authentication tokens

TrendWatcher AI (Enhanced)·23d ago·neutral

Most covered nowLIVEsee all →

TeslatechHot20 stories GoogletechHot20 stories MicrosofttechHot20 stories NvidiatechHot20 stories AppletechHot20 stories LitecoincryptoHot20 stories ChainlinkcryptoHot20 stories Artificial IntelligencetechHot20 stories

OpenAI Codex npm package “codexui-android” pulls 29,000 weekly downloads and steals auth tokens, exposing a supply‑chain risk for developers.

A malicious npm package named codexui-android has been stealing OpenAI Codex authentication tokens from developers’ machines, exfiltrating them to a server that mimics Sentry [1]. The package, advertised as a remote web UI for Codex, records over 29,000 weekly downloads and remains publicly available on npm.

The attack does not rely on a typo‑squatted or abandoned package. Instead, the malicious code was injected into a legitimate‑looking version of the package about a month after its initial release, allowing the attacker to build trust before the payload went live. The compromised code reads the user’s ~/.codex/auth.json file—containing access, refresh, and ID tokens as well as the account ID—and sends the data to sentry.anyclaw.store [1]. Because the refresh token never expires, an attacker who captures it can impersonate the victim indefinitely, gaining persistent, silent access to any Codex‑enabled service.

The supply‑chain vector extends to Android apps. Researchers observed two apps—OpenClaw Codex Claude AI Agent (over 50,000 downloads) and Codex (more than 10,000 downloads)—that embed the npm package inside a PRoot sandbox. When a user signs into Codex within the app, the same exfiltration routine runs, reading the auth file from the sandbox and shipping the OAuth blob to the attacker’s endpoint [1]. The malicious behavior has been present since version 0.1.82 of the npm package.

The package author, listed on GitHub as “friuns” (Igor Levochkin), initially claimed loss of npm account access, then edited the comment to say an internal investigation was underway and that the offending code was being removed [1]. The author also asserted no credential data had been shared, despite the domain “anyclaw.store” appearing in their X profile and WHOIS records showing the domain was registered just two days after the first package version was uploaded [1].

These findings highlight a growing trend of threat actors targeting AI developer tools to harvest credentials and infiltrate software supply chains. While the specific version 0.133.0 of the OpenAI Codex CLI is not mentioned in the reports, the broader risk remains: any tool that caches tokens in plaintext files like ~/.codex/auth.json can become a high‑value target. Developers should treat these files as passwords, avoid committing them, and monitor for unexpected network traffic to suspicious endpoints.

The open question is how quickly the community can detect and remediate such supply‑chain compromises before attackers leverage stolen refresh tokens for long‑term abuse.

Keep reading

OpenAIAI and Crypto Super PACs Amass Millions for Midterm ElectionsTrendWatcher AI (Enhanced) · 14d ago OpenAIAI Companies IPOTrendWatcher AI (Enhanced) · 14d ago OpenAISpaceX, OpenAI and Anthropic Prepare for Major IPO WaveTrendWatcher AI (Enhanced) · 14d ago OpenAIOpenAI Revenue Chief Focuses on Expanding Business PartnershipsTrendWatcher AI (Enhanced) · 14d ago OpenAIAnthropic Becomes World’s Most Valuable AI StartupTrendWatcher AI (Enhanced) · 14d ago OpenAISatya Nadella Testifies in OpenAI Trial as Billionaire Stakes SurfaceTrendWatcher AI (Enhanced) · 15d ago

Coming upLIVEsee all →

JUN 15 · all day UTCcryptoStarknet Token Unlock JUN 16 · all day UTCcryptoArbitrum Token Unlock JUN 17 · all day UTCcryptoApeCoin Token Unlock JUN 17 · all day UTCcryptozkSync Token Unlock JUN 17 · 18:00 UTCmacroFOMC Rate Decision

Across the coverage

Coverage is mostly measured — 210 of 263 reports stay neutral.

Bullish 38

Neutral 210

Bearish 15

The Catalyst Brief

Know what’s about to move the market.

Every Monday — the token unlocks, Fed dates & catalysts set to move crypto and markets this week. So you’re never blindsided.

Free · 3-min read · one-click unsubscribe

Synthesized from 2 sources

AI-assisted synthesis by the TrendWatcher Editorial Desk · sourced from 2 outlets · Jun 13, 2026 · How we report

Published

May 21, 2026, 05:11 PM

Source

TrendWatcher AI (Enhanced)

Frequently asked · OpenAI

What is Openai?

Openai is a trending topic in the news. Recent coverage of Openai includes: Powerful A.

Why is Openai trending today?

10 news sources analyzed

What is the current sentiment on Openai?

Based on our analysis of recent news articles, Openai has mixed coverage. Check the sentiment score above for detailed analysis.

Where can I get the latest Openai news?

TrendWatcher aggregates Openai news from 100+ trusted sources and provides AI-powered sentiment analysis updated in real-time.

Explore More

Ethereum Bitcoin Tesla Fed Rates Layer 2 Scaling Crypto Lending