Codexui-android credential-stealing package
Malware Activity
Summary
A malicious npm package and mirrored Android apps are stealing OpenAI Codex authentication tokens, creating persistent impersonation risk for developers and users. The payload reads `~/.codex/auth.json` and sends access_token, refresh_token, and related OAuth data to sentry.anyclaw[.]store. The same exfiltration chain has been present since [email protected] and also runs inside an Android wrapper through PRoot.
Related Happenings
OpenAI Codex codexui-android supply-chain token theft campaign
Campaign
First: 01.06.2026 12:31
Last: 01.06.2026 12:31
Sources 1
How related:
Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a legitimate-looking remote web UI.
About this happening:
A **malicious supply-chain campaign** is stealing **OpenAI Codex authentication tokens** from developers through the **codexui-android** npm package and mirrored Android apps, cre...
Timeline
- 01.06.2026 12:31 · 1 article
codexui-android appears on npm as a remote OpenAI Codex web UI
Campaign Scope Update: The package `codexui-android` is uploaded to npmjs[.]com as a legitimate-looking remote web UI for OpenAI Codex and is advertised on GitHub and npm, reaching more than 29,000 weekly downloads.
Sources:
- OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack — thehackernews.com — 01.06.2026 12:31
- 01.06.2026 12:31 · 1 article
anyclaw[.]store is registered for Codex token exfiltration infrastructure
Detection IoC Update: The domain `anyclaw[.]store` is registered two days after the first `codexui-android` release, creating the infrastructure later used to masquerade as Sentry for Codex credential exfiltration.
Sources:
- OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack — thehackernews.com — 01.06.2026 12:31
- 01.06.2026 12:31 · 1 article
codexui-android begins exfiltrating OpenAI Codex OAuth data
Technical Analysis Update: About a month after the package was published, malicious code in `codexui-android` starts reading `~/.codex/auth.json` from OpenAI Codex users and shipping `access_token`, `refresh_token`, `id_token`, and account ID to `sentry.anyclaw[.]store/startlog`; the exfiltration is reported as present since `[email protected]`.
Sources:
- OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack — thehackernews.com — 01.06.2026 12:31
- 01.06.2026 12:31 · 2 articles
Aikido Security discloses the codexui-android supply-chain campaign
Initial Disclosure: Aikido Security discloses a malicious supply-chain campaign targeting OpenAI Codex developers and confirms that the Android app `OpenClaw Codex Claude AI Agent` (`gptos.intelligence.assistant`) runs the npm package inside a PRoot sandbox, while a second app named `Codex` (`codex.app`) uses the same exfiltration chain.
Sources:
- OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack — thehackernews.com — 01.06.2026 12:31
- OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack — thehackernews.com — 01.06.2026 12:31
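
A triage check for the indicators in this timeline, added here as an example and not taken from the cited research: it looks for `codexui-android` anywhere in a parsed `package-lock.json` (direct or transitive) and flags proxy or DNS log lines that name `anyclaw[.]store` or a subdomain. The lockfile contents, version string and log line format are constructed sample data; the function names are hypothetical.

```javascript
// Added example: indicators below are taken from the report; sample data is constructed.
const BAD_PACKAGE = "codexui-android";
const EXFIL_DOMAIN = "anyclaw.store"; // reported defanged as anyclaw[.]store

// Return every install path of BAD_PACKAGE in a parsed package-lock.json.
// Covers lockfileVersion 2/3 ("packages" map) and version 1 (nested "dependencies").
function findPackage(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.split("node_modules/").pop() === BAD_PACKAGE) {
      hits.push({ path, version: meta.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === BAD_PACKAGE) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Return log lines naming EXFIL_DOMAIN or any subdomain of it. Matching is on whole
// hostnames, so look-alikes such as "notanyclaw.store" are not flagged.
function exfilHits(lines) {
  const hostRe = /\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b/gi;
  return lines.filter((line) => {
    const hosts = line.replace(/\[\.\]/g, ".").match(hostRe) || [];
    return hosts.some((h) => {
      const host = h.toLowerCase();
      return host === EXFIL_DOMAIN || host.endsWith("." + EXFIL_DOMAIN);
    });
  });
}

// Constructed sample input: a v3 lockfile with a transitive install, and proxy log lines.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app" },
  "node_modules/left-pad": { version: "1.3.0" },
  "node_modules/demo-tool/node_modules/codexui-android": { version: "0.0.0-constructed" },
} };
const SAMPLE_LOG = [
  "2026-06-01T09:00:01Z 10.0.0.5 POST https://sentry.anyclaw.store/startlog 200",
  "2026-06-01T09:00:02Z 10.0.0.5 GET https://registry.npmjs.org/left-pad 200",
  "2026-06-01T09:00:03Z 10.0.0.7 GET https://notanyclaw.store/ 200",
];
console.log(findPackage(SAMPLE_LOCK), exfilHits(SAMPLE_LOG));
```

A hit from either function on a host that also has `~/.codex/auth.json` means the tokens in that file should be treated as exposed.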