Malicious npm Package Exfiltrates OpenAI Codex Tokens
AI-generated from multiple sources. Verify before acting on this reporting.
SAN FRANCISCO — A malicious code injection in a popular software development package has compromised OpenAI Codex authentication tokens, security researchers confirmed Monday. The attack, attributed to the threat actor group BrutalStrike, utilized a compromised npm registry account to distribute infected code to developers globally.
The vulnerability was embedded within the codexui-android npm package and a related Android application. The malicious code was designed to exfiltrate authentication tokens, granting unauthorized access to user accounts and enabling persistent control over OpenAI Codex services. The attack was detected on June 1, 2026, following reports of unusual activity from affected users.
The npm account used to distribute the malicious package was registered under the username 'friuns' and linked to Igor Levochkin. Security experts indicate that the account was likely compromised or created specifically for the attack campaign. The infected package was available on the npm registry, a widely used platform for sharing JavaScript code libraries, and was subsequently integrated into Android applications distributed through app stores.
OpenAI Codex is a widely used artificial intelligence tool for software development, and the compromise of authentication tokens poses significant risks to developers and organizations relying on the service. The exfiltrated tokens could allow attackers to access sensitive code repositories, manipulate development workflows, and potentially deploy further malicious payloads within victim systems.
The attack highlights the growing threat of supply chain compromises, where attackers target software distribution channels to infiltrate multiple downstream systems simultaneously. Unlike traditional malware that targets end-users directly, this attack leveraged the trust developers place in shared code libraries to bypass security controls.
Security firms are currently investigating the full scope of the compromise, including the number of affected users and the extent of data exfiltration. Developers are urged to audit their systems for the presence of the malicious package and rotate any potentially compromised credentials. OpenAI has not yet issued a public statement regarding the incident.
The incident raises questions about the security measures in place for npm account verification and the vetting processes for packages distributed through the registry. It also underscores the need for enhanced monitoring of third-party dependencies in software development pipelines. As of Monday, no further details have been released regarding the identity of the threat actor or the motivation behind the attack beyond credential theft.
Investigations are ongoing to determine if the compromised tokens were used to access other systems or if the attack was part of a broader campaign targeting software development infrastructure. The situation remains fluid as security teams work to contain the breach and prevent further exploitation.