OpenAI Codex Authentication Tokens Stolen in Codexui-Android Npm Supply Chain Attack

The codexui-android incident underscores a new wave of supply‑chain compromises that embed malicious code in legitimate, actively maintained packages. Unlike classic typosquatting, the attacker waited a month after the package’s initial release to insert credential‑stealing logic, leveraging the trust built through 29,000 weekly downloads. By targeting the plaintext auth.json file used by OpenAI’s CLI and IDE extensions, the threat actor harvests refresh tokens that never expire, granting indefinite impersonation of any Codex user. This method bypasses typical token‑revocation safeguards, because the stolen refresh token can regenerate access tokens at will.

Mobile developers are not immune. The same malicious npm module is executed inside a sandboxed Linux environment launched by two Android applications published by BrutalStrike, each with tens of thousands of installs. The apps pull the latest npm version, meaning any future malicious update could instantly affect all downstream users. This cross‑platform delivery amplifies the attack surface, turning a single compromised package into a multi‑device credential‑theft engine. Security teams must therefore monitor not only npm dependencies but also any third‑party binaries that may embed them.

The broader lesson extends to cloud credential management. Recent findings of exploitable windows after key deletion—such as Google’s 23‑minute and AWS’s 4‑second revocation delays—show that lingering credentials are a systemic risk. Organizations should implement real‑time revocation checks, enforce short‑lived tokens, and treat credential files like passwords, storing them in encrypted vaults rather than plaintext. As AI tooling becomes integral to software development, proactive supply‑chain hygiene and robust credential hygiene will be essential to safeguard intellectual property and maintain trust in emerging technologies.