Key Findings Popular codexui-android npm package with 27,000 weekly downloads contained malicious code stealing OpenAI authentication credentials Malicious code hidden in published package only, not in public GitHub repository, evading standard audits Attackers stole access tokens, ID tokens, account IDs, and refresh tokens from local auth.json files Refresh tokens do not expire, allowing attackers indefinite account impersonation Same threat actor deployed malicious Android