Legitimate
Source: Cybersecuritynews
Published:
<p>A polished, fully functional npm package has been caught secretly stealing OpenAI Codex authentication tokens from developers who trusted it. The package, named codexui-android, presented itself as a remote web UI for OpenAI Codex with no obvious signs of being malicious. It built a genuine user