Legitimate-Looking Codex Remote UI Steals OpenAI Codex Authentication Tokens

A polished, fully functional npm package has been caught secretly stealing OpenAI Codex authentication tokens from developers who trusted it. The package, named codexui-android, presented itself as a remote web UI for OpenAI Codex with no obvious signs of being malicious. It built a genuine user base, amassed 27,000 weekly downloads, and maintained an active […] The post Legitimate-Looking Codex Remote UI Steals OpenAI Codex Authentication Tokens appeared first on Cyber Security News.