
Attack targeting OpenAI Codex users exposes AI software supply chain risks

CSO Online, 02/06/2026, 09:54

Summary

AI-Generated

Key Points:

  • A malicious npm package named codexui-android, masquerading as a legitimate tool for OpenAI Codex, exfiltrated developer authentication tokens by embedding malicious code not visible in the public GitHub repository.
  • The attack impacts developers using AI tools, as stolen tokens provide persistent access to sensitive accounts, highlighting vulnerabilities in software supply chain security where focus is often on source code rather than distributed artifacts.
  • Organizations are advised to verify the provenance of software packages and ensure consistency between published artifacts and their source code to mitigate risks associated with AI developer tools.

Technical Details: The codexui-android package collected sensitive tokens (access tokens, refresh tokens, ID tokens) and sent them to an external server. This incident underscores the risk of attackers leveraging seemingly legitimate projects to execute malicious activities.
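The consistency check recommended above can be automated by hashing every file in the published tarball and comparing it with the source checkout. The following is an added example, not code from the article or from any project it names; the function names and sample files are hypothetical and the sample data is constructed.

```python
import hashlib
import io
import tarfile
from pathlib import Path


def tarball_hashes(tgz_bytes):
    """SHA-256 of every regular file in an npm tarball, keyed by path.
    npm places package contents under a top-level 'package/' directory."""
    hashes = {}
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        for member in tar:
            if member.isfile():
                rel = member.name.split("/", 1)[-1]
                hashes[rel] = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
    return hashes


def tree_hashes(root):
    """SHA-256 of every file under a source checkout, keyed by relative path."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def diff_artifact(artifact, source):
    """Files that ship in the artifact but are absent from, or differ from, source."""
    only_in_artifact = sorted(f for f in artifact if f not in source)
    modified = sorted(f for f in artifact if f in source and artifact[f] != source[f])
    return only_in_artifact, modified


def build_sample_tarball(files):
    """Constructed sample: pack {path: bytes} the way `npm pack` lays files out."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo("package/" + path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed data: the repo has two files; the published tarball adds a third.
    repo = {"package.json": b'{"name":"example-pkg"}', "index.js": b"module.exports = {};\n"}
    shipped = dict(repo, **{"lib/extra.js": b"// not in the repository\n"})
    source = {p: hashlib.sha256(d).hexdigest() for p, d in repo.items()}
    print(diff_artifact(tarball_hashes(build_sample_tarball(shipped)), source))
```

Build output legitimately appears only in the artifact, so treat the result as a review queue rather than a verdict. Compare against the exact commit or tag the release claims to be built from.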

MITRE ATT&CK Techniques:

  • None mentioned

IOCs Mentioned:

  • None mentioned
