A malicious npm package, Codex UI, with an astonishing 27,000 weekly downloads has been caught stealing OpenAI refresh tokens, putting thousands of developers at risk of account takeover.
The package, which appears to have been published specifically to gain unauthorized access to OpenAI’s services, was discovered by Aikido Security and shared with Hackread.com on May 27, 2026. It was found to be exfiltrating OpenAI refresh tokens from the machines it was installed on, allowing an attacker holding those tokens to hijack developers’ accounts.
The Devastating Consequences
The theft of OpenAI refresh tokens poses a significant risk to developers who use the AI service for their projects. A refresh token is a long-lived credential that lets a client obtain new access tokens without the user logging in again, so whoever holds a stolen one can keep minting valid sessions until it is revoked. That means account takeover, access to whatever data and projects the account can reach, and potentially the legitimate owner being locked out of their own account.
Exposing the Shadowy World of AI Development
The discovery of this malicious package has once again highlighted the need for developers to be vigilant when using third-party tools and services. The popularity of Codex UI, which boasts 27,000 weekly downloads, underscores the challenges of maintaining security in the open-source ecosystem. Developers are often unaware of the risks associated with using third-party packages, and the consequences can be severe.
What this means
Developers using OpenAI services should immediately check whether Codex UI is anywhere in their npm dependency tree, including transitive dependencies pulled in by other packages and lockfiles used in CI, and remove it if so. Simply updating packages does not help when the package itself is the malware. Because refresh tokens were exfiltrated, anyone who had the package installed should treat their OpenAI credentials as compromised, sign out of all sessions so that existing refresh tokens are invalidated, and re-authenticate. This incident serves as a stark reminder of the importance of security in AI development and the need for developers to remain vigilant when using third-party tools. It’s crucial to vet packages before installing them and to stick to trusted sources to avoid putting projects and sensitive data at risk.