OpenAI Codex codexui-android supply-chain token theft campaign
Campaign
Summary
Hide ▲
Show ▼
A malicious supply-chain campaign is stealing OpenAI Codex authentication tokens from developers through the codexui-android npm package and mirrored Android apps, creating persistent account-compromise risk. The package was advertised as a remote web UI, drew 29,000+ weekly downloads, and was altered about a month after publication to exfiltrate credentials from `~/.codex/auth.json`. The same token-theft chain also appeared in OpenClaw Codex Claude AI Agent and Codex, extending the exposure across multiple delivery paths.
Related Happenings
Codexui-android credential-stealing package
Malware Activity
H score42
First: 01.06.2026 12:31
Last: 01.06.2026 12:31
Sources 1
How related:
Present within the package is code that extracts the contents of Codex's "~/.codex/auth.json" file and exfiltrates them to a remote server ("sentry.anyclaw[.]store") that masquerades as Sentry, a legitimate application monitoring and error tracking platform.
About this happening:
A malicious npm package and mirrored Android apps are stealing OpenAI Codex authentication tokens, creating persistent impersonation risk for developers and users. The payload...
Codexui-android credential-stealing package
Malware ActivityHow related: Present within the package is code that extracts the contents of Codex's "~/.codex/auth.json" file and exfiltrates them to a remote server ("sentry.anyclaw[.]store") that masquerades as Sentry, a legitimate application monitoring and error tracking platform.
About this happening: A malicious npm package and mirrored Android apps are stealing OpenAI Codex authentication tokens, creating persistent impersonation risk for developers and users. The payload...
LLMShare ChatGPT share-link malware lure campaign
Campaign
H score47
First: 29.05.2026 21:21
Last: 29.05.2026 21:21
Sources 1
About this happening:
The LLMShare campaign is using Google ads and a legitimate chatgpt.com shared page to route people searching for ChatGPT into a fake OpenAI outage lure that pu...
LLMShare ChatGPT share-link malware lure campaign
CampaignAbout this happening: The LLMShare campaign is using Google ads and a legitimate chatgpt.com shared page to route people searching for ChatGPT into a fake OpenAI outage lure that pu...
Shai-Hulud worm clone activity on NPM
Malware Activity
H score69
First: 18.05.2026 12:45
Last: 18.05.2026 12:45
Sources 1
About this happening:
The Shai-Hulud malware activity has continued to evolve across the npm supply chain and related developer ecosystems. It first infected npm packages in September 202...
Shai-Hulud worm clone activity on NPM
Malware ActivityAbout this happening: The Shai-Hulud malware activity has continued to evolve across the npm supply chain and related developer ecosystems. It first infected npm packages in September 202...
TeamPCP campaign expands across multiple victims
Campaign
H score49
First: 15.05.2026 13:54
Last: 15.05.2026 13:54
Sources 1
About this happening:
The TeamPCP / Mini Shai-Hulud supply-chain operation is actively compromising hundreds of packages, exposing downstream developers to malware delivery and creden...
TeamPCP campaign expands across multiple victims
CampaignAbout this happening: The TeamPCP / Mini Shai-Hulud supply-chain operation is actively compromising hundreds of packages, exposing downstream developers to malware delivery and creden...
OpenAI hit by cyberattack
Incident
H score38
First: 14.05.2026 22:07
Last: 14.05.2026 22:07
Sources 1
About this happening:
OpenAI confirmed two employees' devices were breached, giving attackers access to a limited set of internal source code repositories and forcing a precautionary rotation of ...
OpenAI hit by cyberattack
IncidentAbout this happening: OpenAI confirmed two employees' devices were breached, giving attackers access to a limited set of internal source code repositories and forcing a precautionary rotation of ...
Timeline
-
01.06.2026 12:31 1 articles · 1mo ago
anyclaw[.]store domain registered after codexui-android release
Technical Analysis UpdateWHOIS records show anyclaw[.]store was registered on April 12, 2026, two days after codexui-android version 0.1.72 was uploaded to npmjs[.]com, indicating attacker-controlled infrastructure was established shortly after the package's first release.
Show sources
- OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack — thehackernews.com — 01.06.2026 12:31
-
01.06.2026 12:31 2 articles · 1mo ago
Researchers disclose codexui-android token theft targeting OpenAI Codex developers
Initial DisclosureResearchers disclosed a malicious supply-chain campaign targeting OpenAI Codex developers through the codexui-android npm package and related Android apps. The package was advertised as a remote web UI, drew over 29,000 weekly downloads, and includes code that reads Codex's ~/.codex/auth.json file and exfiltrates access_token, refresh_token, id_token, and account ID to sentry.anyclaw[.]store/startlog.
Show sources
- OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack — thehackernews.com — 01.06.2026 12:31
- OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack — thehackernews.com — 01.06.2026 12:31