OpenAI Revokes macOS App Certificates After North Korean Supply Chain Attack on Axios

AI | May 2, 2026 | By Insights AI

OpenAI issued an urgent security warning on April 29, instructing all macOS users to update their apps before May 8, 2026 — or risk being locked out as the company revokes compromised code-signing certificates.

The incident traces to a supply chain attack on Axios, a widely used HTTP library. On March 31, attackers — believed to be North Korean state-sponsored hackers — compromised the lead maintainer's npm and GitHub accounts through social engineering, then injected malware into Axios versions 1.14.0 and 1.14.1. The malicious versions introduced a hidden dependency, plain-crypto-js, which functioned as a remote access trojan (RAT) targeting Windows, macOS, and Linux.
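As an added defender-side check that is not from the article or from OpenAI: a Node.js script that scans an npm `package-lock.json` for the two compromised Axios releases named above and for the `plain-crypto-js` dependency they pulled in. The lockfile contents below are constructed sample input; only the version numbers and package names come from the article.

```javascript
// Added example: flag the compromised axios releases (1.14.0, 1.14.1) and the
// hidden plain-crypto-js dependency in an npm lockfile. Supports lockfileVersion 1
// (nested "dependencies" tree) and lockfileVersion 2/3 (flat "packages" map).

const AFFECTED_AXIOS = new Set(["1.14.0", "1.14.1"]);
const HIDDEN_DEP = "plain-crypto-js";

// Record a finding for one installed package, if it matches the advisory.
function check(name, version, path, findings) {
  if (name === "axios" && AFFECTED_AXIOS.has(version)) {
    findings.push({ path, reason: `axios ${version} is a compromised release` });
  }
  if (name === HIDDEN_DEP) {
    findings.push({ path, reason: `${HIDDEN_DEP} (RAT dependency) is installed` });
  }
}

// Returns an array of { path, reason } findings for the parsed lockfile object.
function scanLockfile(lock) {
  const findings = [];

  // lockfileVersion 2/3: keys look like "node_modules/axios" or
  // "node_modules/a/node_modules/@scope/b"; the package name follows the last
  // "node_modules/" segment. The "" key is the root project itself.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue;
    const marker = "node_modules/";
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    check(name, meta.version, path, findings);
  }

  // lockfileVersion 1: walk the nested "dependencies" tree, rebuilding the
  // on-disk path so nested copies are reported at their real location.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      check(name, meta.version, path, findings);
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");

  return findings;
}

// CONSTRUCTED sample lockfile (lockfileVersion 3): one clean and two affected entries.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "0.0.1" },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/plain-crypto-js": { version: "0.0.1" },
    "node_modules/lodash": { version: "4.17.21" },
  },
};

for (const f of scanLockfile(SAMPLE_LOCK)) console.log(`${f.path}: ${f.reason}`);
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`; an empty result means neither the affected Axios versions nor the hidden dependency are present in the lockfile.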

OpenAI's macOS app-signing workflow downloaded the compromised version, exposing a certificate used to sign ChatGPT Desktop, Codex, Codex CLI, and Atlas. Although OpenAI confirmed no user data or API keys were stolen, the company treated the certificate as compromised and has revoked and rotated it.

Apps signed with the old certificate will be blocked by macOS security protections by default starting May 8. Users who do not update before that date will find their apps fail to launch.

The incident illustrates how supply chain vulnerabilities in broadly adopted open-source packages can cascade into high-profile security events — even for organizations with sophisticated security postures. Full details at The Hacker News.
