OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a legitimate-looking remote web UI.

The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for OpenAI Codex, attracting over …