Find notable cyber news and cases, enriched with sources, timelines, and signals.

OpenAI Codex codexui-android supply-chain token theft campaign

Campaign
First reported
Last updated
Happening score
H score 48
1 unique sources, 1 articles

Summary

Hide ▲

A malicious supply-chain campaign is stealing OpenAI Codex authentication tokens from developers through the codexui-android npm package and mirrored Android apps, creating persistent account-compromise risk. The package was advertised as a remote web UI, drew 29,000+ weekly downloads, and was altered about a month after publication to exfiltrate credentials from `~/.codex/auth.json`. The same token-theft chain also appeared in OpenClaw Codex Claude AI Agent and Codex, extending the exposure across multiple delivery paths.

Related Happenings

Codexui-android credential-stealing package

Malware Activity
H score42 First: 01.06.2026 12:31 Last: 01.06.2026 12:31 Sources 1

How related: Present within the package is code that extracts the contents of Codex's "~/.codex/auth.json" file and exfiltrates them to a remote server ("sentry.anyclaw[.]store") that masquerades as Sentry, a legitimate application monitoring and error tracking platform.

About this happening: A malicious npm package and mirrored Android apps are stealing OpenAI Codex authentication tokens, creating persistent impersonation risk for developers and users. The payload...

LLMShare ChatGPT share-link malware lure campaign

Campaign
H score47 First: 29.05.2026 21:21 Last: 29.05.2026 21:21 Sources 1

About this happening: The LLMShare campaign is using Google ads and a legitimate chatgpt.com shared page to route people searching for ChatGPT into a fake OpenAI outage lure that pu...

Shai-Hulud worm clone activity on NPM

Malware Activity
H score69 First: 18.05.2026 12:45 Last: 18.05.2026 12:45 Sources 1

About this happening: The Shai-Hulud malware activity has continued to evolve across the npm supply chain and related developer ecosystems. It first infected npm packages in September 202...

TeamPCP campaign expands across multiple victims

Campaign
H score49 First: 15.05.2026 13:54 Last: 15.05.2026 13:54 Sources 1

About this happening: The TeamPCP / Mini Shai-Hulud supply-chain operation is actively compromising hundreds of packages, exposing downstream developers to malware delivery and creden...

OpenAI hit by cyberattack

Incident
H score38 First: 14.05.2026 22:07 Last: 14.05.2026 22:07 Sources 1

About this happening: OpenAI confirmed two employees' devices were breached, giving attackers access to a limited set of internal source code repositories and forcing a precautionary rotation of ...

Timeline

  1. 01.06.2026 12:31 1 articles · 1mo ago

    anyclaw[.]store domain registered after codexui-android release

    Technical Analysis Update

    WHOIS records show anyclaw[.]store was registered on April 12, 2026, two days after codexui-android version 0.1.72 was uploaded to npmjs[.]com, indicating attacker-controlled infrastructure was established shortly after the package's first release.

    Show sources
  2. 01.06.2026 12:31 2 articles · 1mo ago

    Researchers disclose codexui-android token theft targeting OpenAI Codex developers

    Initial Disclosure

    Researchers disclosed a malicious supply-chain campaign targeting OpenAI Codex developers through the codexui-android npm package and related Android apps. The package was advertised as a remote web UI, drew over 29,000 weekly downloads, and includes code that reads Codex's ~/.codex/auth.json file and exfiltrates access_token, refresh_token, id_token, and account ID to sentry.anyclaw[.]store/startlog.

    Show sources