← Back to summary

OpenAI Codex tool with 29,000 weekly downloads stole developer tokens · Ai Technology news · PiQMarkets

12 storiesAI & TechnologyOpenAI developments & fundingAI coding tools (GitHub Copilot, Cursor)

OpenAI Codex tool with 29,000 weekly downloads stole developer tokens

6 Jun · 1:35 PMwindow 24h

IN SHORT

A popular npm package for OpenAI Codex, codexui-android, has been stealing developer tokens for approximately one month. The package had around 29,000 weekly downloads and featured an active GitHub repository, appearing legitimate.

1 / 2

A popular npm package for OpenAI Codex, codexui-android, has been stealing developer tokens for approximately one month. The package had around 29,000 weekly downloads and featured an active GitHub repository, appearing legitimate.

FREQUENTLY ASKED

codexui-android is an npm package that was advertised as a remote web UI for OpenAI Codex. It has been found to contain malicious code that steals developer tokens.

The package had approximately 29,000 weekly downloads, suggesting a significant number of developers may have been exposed.

The malicious activity of stealing developer tokens has been ongoing for approximately one month.

Get the newsletter.

Pick the topics you actually care about. We'll email when there's news worth your time, on the cadence you choose. Cancel any time from your account.

Cadence

All stories in this theme

Miasma worm infects 73 Microsoft GitHub repositories

6 Jun · 1:35 PM

Mira Murati resurfaces with AI governance warning

6 Jun · 3:11 AM

Von der Leyen's AI envoy pick faces conflict-of-interest backlash

6 Jun · 1:08 AM

Anthropic calls for coordinated pause on frontier AI development

5 Jun · 3:33 AM