Developers relying on OpenAI's Codex tools just got a harsh reminder that convenience in the AI ecosystem can come at a steep price. Security researchers uncovered a slick supply chain operation that quietly siphoned authentication tokens from users of a seemingly helpful remote web interface package. The attack highlights how adversaries are embedding themselves in legitimate-looking tools that target those building with advanced AI models. The compromised npm package, codexui-android, positioned itself as a handy interface for interacting with Codex remotely. It racked up tens of thousands of weekly downloads by promising an easy way to run the AI coding assistant without local heavy lifting. For roughly the past month, however, versions starting from 0.1.82 included code that pulled sensitive credential files from users' systems and shipped them off to an attacker-controlled server disguised as a monitoring service. This wasn't some fly-by-night typosquatting effort. T...