
OpenAI Codex codexui-android supply-chain token theft campaign

Campaign
First reported
Last updated
Happening score: 48
1 unique source, 1 article

Summary

A malicious supply-chain campaign is stealing OpenAI Codex authentication tokens from developers through the codexui-android npm package and mirrored Android apps, creating persistent account-compromise risk. The package was advertised as a remote web UI, drew 29,000+ weekly downloads, and was altered about a month after publication to exfiltrate credentials from `~/.codex/auth.json`. The same token-theft chain also appeared in OpenClaw Codex Claude AI Agent and Codex, extending the exposure across multiple delivery paths.

Related Happenings

Codexui-android credential-stealing package

Malware Activity
First: 01.06.2026 12:31 Last: 01.06.2026 12:31 Sources 1

How related: Present within the package is code that extracts the contents of Codex's "~/.codex/auth.json" file and exfiltrates them to a remote server ("sentry.anyclaw[.]store") that masquerades as Sentry, a legitimate application monitoring and error tracking platform.

About this happening: A malicious npm package and mirrored Android apps are stealing **OpenAI Codex** authentication tokens, creating persistent impersonation risk for developers and users. The payload...

LLMShare ChatGPT share-link malware lure campaign

Campaign
First: 29.05.2026 21:21 Last: 29.05.2026 21:21 Sources 1

About this happening: The **LLMShare** campaign is using **Google ads** and a legitimate **chatgpt.com** shared page to route people searching for **ChatGPT** into a fake **OpenAI outage** lure that pu...

Shai-Hulud worm clone activity on NPM

Malware Activity
First: 18.05.2026 12:45 Last: 18.05.2026 12:45 Sources 1

About this happening: The **Shai-Hulud** malware activity has continued to evolve across the **npm supply chain** and related developer ecosystems. It first infected **npm packages** in **September 202...

TeamPCP campaign expands across multiple victims

Campaign
First: 15.05.2026 13:54 Last: 15.05.2026 13:54 Sources 1

About this happening: The **TeamPCP / Mini Shai-Hulud** supply-chain operation is actively compromising **hundreds of packages**, exposing **downstream developers** to **malware delivery** and **creden...

OpenAI hit by cyberattack

Incident
First: 14.05.2026 22:07 Last: 14.05.2026 22:07 Sources 1

About this happening: OpenAI confirmed **two employees' devices** were breached, giving attackers access to a limited set of internal source code repositories and forcing a precautionary rotation of **...

Timeline

  1. 01.06.2026 12:31 1 article

    anyclaw[.]store domain registered after codexui-android release

    Technical Analysis Update

    WHOIS records show anyclaw[.]store was registered on April 12, 2026, two days after codexui-android version 0.1.72 was uploaded to npmjs[.]com, indicating attacker-controlled infrastructure was established shortly after the package's first release.

  2. 01.06.2026 12:31 2 articles

    Researchers disclose codexui-android token theft targeting OpenAI Codex developers

    Initial Disclosure

    Researchers disclosed a malicious supply-chain campaign targeting OpenAI Codex developers through the codexui-android npm package and related Android apps. The package was advertised as a remote web UI, drew over 29,000 weekly downloads, and includes code that reads Codex's `~/.codex/auth.json` file and exfiltrates `access_token`, `refresh_token`, `id_token`, and account ID to sentry.anyclaw[.]store/startlog.
