OpenAI has issued an urgent update for macOS users following a security breach related to Axios, a popular JavaScript library. This incident is part of a larger software supply chain attack identified on March 31, 2026.
Details of the Security Breach
The breach involved threat actors, suspected to be linked to North Korea, taking control of the npm account of an Axios maintainer. They released malicious updates, specifically versions v1.14.1 and v0.30.4, which included a hidden Remote Access Trojan (RAT) named plain-crypto-js. This malware was capable of targeting systems across Windows, macOS, and Linux platforms.
Palo Alto Networks’ Unit 42 reported that the RAT was designed for system surveillance, persistence, and self-destruction to avoid detection. With over 100 million weekly downloads, Axios’s compromise posed a significant risk.
Impact on OpenAI’s Systems
OpenAI’s build processes, which utilized Axios in its GitHub Actions workflow, inadvertently integrated the compromised library. This allowed access to critical certificate and notarization materials used for signing OpenAI’s macOS applications, such as ChatGPT Desktop and Codex.
Such access could enable attackers to create counterfeit OpenAI applications. However, OpenAI quickly addressed the root cause, a misconfiguration in its GitHub workflow, and has since resolved it.
Response and Recommendations
To mitigate potential risks, OpenAI is revoking and renewing all macOS security certificates. Users are urged to update their OpenAI applications, including ChatGPT and Codex, to the latest versions to maintain security.
OpenAI assured users that passwords and API keys were not compromised. However, older versions of the applications will stop receiving updates after May 8, 2026, and may become non-functional. Users should update via in-app prompts or official download links.
This incident highlights the increasing threat of software supply chain attacks, urging organizations to adopt enhanced security practices like dependency pinning and workflow audits.
Stay informed with the latest cybersecurity news by following us on Google News, LinkedIn, and X. Contact us to share your cybersecurity stories.
