They Downloaded Malware Called Codex: Information Was Stolen

The malicious npm package targeting OpenAI Codex users provides unauthorized access to accounts by stealing authentication tokens.

A new supply chain attack has been revealed against the OpenAI Codex platform used by software developers. A well-known tool distributed through the npm platform is used to steal users’ credentials.

Codex is known as a software engineering tool that helps developers in the process of writing code, debugging and testing. The attack on this platform is carried out through a tool called codexui-android, published on both GitHub and npm.

Working principle of malware

Introduced as a remote web user interface, codexui-android attracted attention by reaching more than 29,000 weekly downloads. While the tool's source code on GitHub appears to be clean, an update published via npm added malicious code that steals information.

When developers run this tool, the application looks for Codex authentication tokens in the background. These detected tokens are automatically sent to a server controlled by the attackers.

Aikido Security researcher Charlie Eriksen states that refresh tokens, especially those that do not expire, pose a great risk. Attackers who capture these tokens can gain long-term access without needing a password.

Thanks to these stolen tokens, attackers can infiltrate the OpenAI accounts of the victims. Dangerous situations may arise such as spending API credits, viewing private projects, and interacting with OpenAI services by impersonating the victim.
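
To check whether a project pulls in the package named above, directly or through another dependency, a lockfile scan like the following can be used. This is an added example, not code from the article or from Aikido Security; the sample lockfiles are constructed, and the names my-app and helper-ui and all version numbers are hypothetical placeholders.

```javascript
// Added example: locate a named package in an npm lockfile.
const FLAGGED = 'codexui-android'; // package name reported in the article

function findPackage(lock, name = FLAGGED) {
  const hits = [];
  const marker = 'node_modules/';

  // lockfileVersion 2/3: flat "packages" map keyed by install path,
  // e.g. "node_modules/a/node_modules/codexui-android".
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // root project ("") or a workspace folder
    // npm stores "name" when the folder is an alias for another package.
    const pkgName = meta.name || path.slice(idx + marker.length);
    if (pkgName === name) hits.push({ path, version: meta.version });
  }

  // lockfileVersion 1: nested "dependencies" tree. Skipped when "packages"
  // exists, because v2 files carry both and would be counted twice.
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = trail.concat(dep);
      if (dep === name) hits.push({ path: here.join(' > '), version: meta.version });
      walk(meta.dependencies, here);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (hypothetical names, placeholder versions).
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-app', version: '1.0.0' },
    'node_modules/helper-ui': { version: '2.1.0' },
    'node_modules/helper-ui/node_modules/codexui-android': { version: '0.0.0' },
    'node_modules/codexui-android-docs': { version: '0.0.0' }, // similar name, not a match
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    'helper-ui': { version: '2.1.0', dependencies: { 'codexui-android': { version: '0.0.0' } } },
  },
};

console.log(findPackage(sampleV3), findPackage(sampleV1));
```

To scan a real project, pass the parsed contents of its package-lock.json to findPackage. A tool that was installed globally or run through npx does not appear in a project lockfile, so check `npm ls -g` as well.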

Similar threats in Android applications

In the investigations carried out by Aikido Security, two different Android applications published by the same account were also detected. It was determined that these applications also targeted Codex users and stole their credentials through similar means.

While the application named OpenClaw Codex Claude AI Agent has reached more than 50,000 downloads, another application named Codex has received more than 10,000 downloads. These applications run the npm package in a PRoot virtual environment and transmit data to the attackers’ server.

Experts emphasize that caution should be exercised when using such tools. Do you think that appropriate security precautions are taken when downloading software development tools?
