OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
Summary
Attackers compromised the popular npm package codexui-android, which provides a remote interface for OpenAI Codex (a code-writing AI tool), and embedded malicious code that secretly steals users' authentication tokens (login credentials) and sends them to an attacker-controlled server. The stolen tokens, especially the refresh_token (which never expires), allow attackers to impersonate users indefinitely and do anything the victim's Codex account can do.
Original source: https://thehackernews.com/2026/06/openai-codex-authentication-tokens.html
First tracked: June 1, 2026 at 08:00 AM