Snyk has reported that there have been attempts or successful attacks targeting this vulnerability.
Avoid using all malicious instances of the codexui-android package.
codexui-android is a malicious npm package. It presents itself as a remote web UI for OpenAI Codex while secretly stealing Codex OAuth credentials. The malicious code exists only in the published npm builds, not in the public GitHub repository, and runs at import time: it reads ~/.codex/auth.json, XOR-encrypts the contents, and POSTs the tokens to sentry.anyclaw.store disguised as telemetry. Stolen refresh tokens enable long-lived impersonation of the victim. The same author’s Android apps (including “OpenClaw Codex Claude AI Agent” and the paid “Codex” app) bootstrap Termux/PRoot, install the package, and exfiltrate in-app sign-ins.