Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Popular Codex package caught exfiltrating authentication credentials

Researchers said the malicious code was added after the project gained traction, allowing attackers to target developers through a seemingly legitimate tool.

byAytun Çelebi
June 2, 2026
in Cybersecurity, Artificial Intelligence, News
Home News Cybersecurity
Share on FacebookShare on TwitterShare on LinkedInShare on WhatsAppShare on e-mail
Google Preferred Source

Researchers have disclosed a new malicious supply chain campaign targeting developers using OpenAI Codex through a legitimate-looking remote web UI tool known as codexui-android. The package, which is advertised on GitHub and npm, has garnered over 29,000 weekly downloads and remains publicly available for download.

This campaign is notable as it embeds malicious code within a fully functional npm package that has been actively developed, with the associated GitHub repository appearing clean. “For the past month, every single invocation has been quietly exfiltrating your Codex authentication tokens to an attacker-controlled server,” said Charlie Eriksen, a researcher at Aikido Security.

The malicious code seems to have been introduced about a month after the package was initially published, possibly to build user trust and broaden its reach. The npm account tied to the package is “friuns,” which is linked to Igor Levochkin.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

The embedded code extracts the “~/.codex/auth.json” file from Codex, sending it to a remote server masquerading as Sentry at “sentry.anyclaw[.]store.” Captured data includes access token, refresh token, id token, and account ID. “The refresh_token doesn’t expire,” Eriksen noted, indicating ongoing unauthorized access capabilities. “An attacker holding it can silently impersonate you indefinitely.”

OpenAI warns users to treat the auth.json file like a password. Login details are cached locally in plaintext or through an operating system-specific credential store, raising further security concerns.

Besides the npm package, Aikido researchers also identified an Android application named OpenClaw Codex Claude AI Agent that utilizes the malicious npm package to exfiltrate credentials. The OpenClaw app, with a small APK size of 26 MB, appears clean in pre-publish scans and runs the npm package in a PRoot sandbox.

The exfiltration chain has been active since version [email protected], which automatically pulls updates from npm. “The version is not pinned, so the device pulls whatever is currently published on npm,” Eriksen explained. The same exfiltration method was also observed in another Android app tied to the developer BrutalStrike, named Codex, which has over 10,000 downloads. The remaining three apps from the developer do not contain this malicious functionality.

Aikido reached out to the author of the npm package on GitHub. Initially, they claimed to have lost access to their npm account but later stated they are investigating the issue and have begun removing the affected functionality. They claimed no credential data was shared with third parties but did not explain why the malicious code was included or the necessity for Codex tokens.

Investigations into domain registrations revealed that “anyclaw[.]store,” linked to the author, was registered shortly after the first version of the npm package was uploaded, specifically on April 12, 2026. This development highlights a broader trend of adversaries exploiting AI development tools to steal credentials and infiltrate the software supply chain.

Additionally, Belgian security researchers found that deleted Google API keys can remain active for up to 23 minutes, presenting a security vulnerability. Google initially dismissed the issue as a non-security concern but later classified it as critical. Similar delays in credential revocation have been noted with AWS access keys, underscoring exploitable vulnerabilities within cloud environments.


Featured image credit

Tags: CodexopenAIsupply chain attack

Related Posts

Claude Fable 5 free access extended until July 19

Claude Fable 5 free access extended until July 19

July 13, 2026
Samsung Galaxy Z TriFold 2 launch may be delayed

Samsung Galaxy Z TriFold 2 launch may be delayed

July 13, 2026
Apple to skip M6 Pro and Max chips, fast-tracks M7 lineup for AI focus

Apple to skip M6 Pro and Max chips, fast-tracks M7 lineup for AI focus

July 13, 2026
OpenAI lifts GPT-5.6 Sol usage limits temporarily

OpenAI lifts GPT-5.6 Sol usage limits temporarily

July 13, 2026
OpenAI launches ChatGPT Work productivity app

OpenAI launches ChatGPT Work productivity app

July 10, 2026
Meta files patent for AI-powered emotional monitoring device

Meta files patent for AI-powered emotional monitoring device

July 10, 2026

LATEST NEWS

Claude Fable 5 free access extended until July 19

Samsung Galaxy Z TriFold 2 launch may be delayed

Apple to skip M6 Pro and Max chips, fast-tracks M7 lineup for AI focus

OpenAI lifts GPT-5.6 Sol usage limits temporarily

OpenAI launches ChatGPT Work productivity app

Meta files patent for AI-powered emotional monitoring device

BEST AI MODELS LEADERBOARD

See the best AI models, ranked by intelligence, benchmark results, speed and token price. Find the most suitable LLMs, Text-to-Image, Image Editing, Text-to-Speech, Text-to-Video and Image-to-Video  artificial intelligence model for your tasks and business.

LATEST TOOLS

Mootion

Legacy AI

Copyseeker

ProPhotos

Kuki AI

Create

RemodelAI

AItwitch

Vadoo AI

Greptile AI

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI tools
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies to improve your experience. You can choose to accept or reject them. Visit our Privacy Policy.