Popular NPM Package Steals OpenAI Keys
TL;DR: A popular npm package called 'codexui-android', which claims to be a web UI for OpenAI Codex, is actually malware designed to steal developer authentication tokens. The package has over 29,000 weekly downloads and is reportedly still available from the npm repository.
Key facts
- Category: Cybersecurity
- Impact: Critical
- Published
- Source: The Hacker News
Full summary
A malicious npm package posing as a tool for OpenAI Codex is stealing developer authentication tokens and has over 29,000 weekly downloads.
Security researchers have uncovered an active supply chain attack targeting developers via the npm package registry. A malicious package named 'codexui-android' is stealing OpenAI Codex authentication tokens from its users. The package is deceptively advertised on both GitHub and npm as a useful remote web user interface for OpenAI's code-generation tool. This legitimate-sounding description has helped it gain significant traction, attracting over 29,000 downloads weekly. While it may offer some of its promised functionality, its primary hidden purpose is to find and exfiltrate sensitive developer credentials, sending them to an attacker-controlled server.
The implications of this attack are serious for any developer or organization that has used this package. Stolen authentication tokens provide attackers with direct access to a user's OpenAI account. This access could be used to make unauthorized API calls, leading to unexpected financial costs and service disruptions. Furthermore, attackers could potentially access sensitive information or proprietary code that has been processed through the compromised account. The attack highlights the inherent risks in modern software development, where dependencies on third-party packages are common. Because the package is still available, the threat remains active and requires immediate attention from the developer community.
Why it matters
This supply chain attack exploits trust in the open-source ecosystem, turning a popular developer tool into a credential-stealing trojan.
Business impact
Stolen OpenAI keys can lead to unauthorized API usage, resulting in significant financial costs, potential exposure of proprietary code, and disruption of AI-powered services.
⚡ Action needed
Developers who have installed the 'codexui-android' npm package must immediately uninstall it, check for signs of compromise, and rotate any exposed OpenAI API keys and other credentials.
Action checklist
1. Check your projects for the 'codexui-android' npm package.
2. If found, uninstall the package immediately from your environment.
3. Revoke all OpenAI API keys associated with the affected systems.
4. Review your OpenAI account usage for any suspicious activity.
5. Scan development machines for other signs of compromise.
Primary source: The Hacker News
