Codex Token Theft Hits npm Supply Chain Attack

Robert Moore · 2026-06-01

Cybersecurity researchers have uncovered a new supply chain attack targeting developers who use OpenAI Codex. They’re doing it through a cleverly disguised remote web UI that looks totally legitimate. The malicious package is called codexui-android. It’s hosted on GitHub and npm, and it’s being marketed as a remote interface for OpenAI Codex. The scary part? It’s been downloaded over 29,000 times each week. And it’s still available for download right now. ### What Exactly Is This Attack? This isn’t your typical malware. It’s a supply chain attack, which means the attackers are sneaking malicious code into a tool that developers actually trust and use. Think of it like a wolf in sheep’s clothing. The package looks harmless, but once installed, it steals authentication tokens from your system. These tokens are like digital keys. They give the attacker access to your OpenAI Codex account. That means they can use your credits, access your projects, and even steal sensitive data you’re working on. For developers, that’s a nightmare. ### Why Should Developers Care? If you’re a developer in the United States using OpenAI Codex, this affects you directly. The attack targets your workflow and your trust in open-source tools. Over 29,000 weekly downloads show just how many people might be at risk right now. - Your authentication tokens can be stolen without you knowing. - Your Codex account could be compromised. - Your projects and data might be exposed. This isn’t just a theoretical threat. It’s happening now, and it’s active. The package is still live, so if you’ve downloaded it recently, you need to act fast. ### How to Protect Yourself First, check if you have codexui-android installed. If you do, remove it immediately. Then, revoke any tokens associated with your OpenAI Codex account. Change your passwords and enable two-factor authentication if you haven’t already. Second, be more careful about what you install from npm and GitHub. Always verify the source. Look for red flags like poor documentation, lack of reviews, or sudden popularity spikes. A tool that’s too good to be true often is. Third, consider using antidetect browsers for your development work. They can help mask your digital fingerprint and make it harder for attackers to target you specifically. While not a silver bullet, they add an extra layer of security. ### The Bigger Picture Supply chain attacks like this are becoming more common. Attackers know that developers trust popular repositories, so they exploit that trust. It’s a reminder that even in the open-source world, vigilance is key. For professionals in the antidetect browser space, this is a wake-up call. Your tools and workflows are only as secure as the code you run. Always audit third-party packages, and don’t assume something is safe just because it’s popular. ### What’s Next? Cybersecurity researchers are tracking this campaign closely. But the package is still available, which means more developers could fall victim. If you’re a developer, take action now. Don’t wait for the next update or patch. In the meantime, stay informed. Follow security news and update your practices regularly. The digital landscape changes fast, and staying one step ahead is the best defense. “Trust, but verify.” That old adage has never been more relevant than in today’s development environment.