OpenAI rotates macOS certs after Axios attack hit code-signing workflow
OpenAI rotates macOS code-signing certs after compromised Axios package hit GitHub Actions workflow.
Summary
OpenAI discovered that a malicious Axios npm package (v1.14.1) was executed in a GitHub Actions workflow on March 31, 2026, gaining access to macOS code-signing certificates used for ChatGPT Desktop and other applications. Although investigation found no evidence the certificates were compromised or misused, OpenAI is proactively revoking and rotating them as a precaution. The incident is linked to North Korean threat actor UNC1069, who used social engineering to compromise an Axios maintainer and publish malicious package versions to npm.
Full text
OpenAI rotates macOS certs after Axios attack hit code-signing workflow By Lawrence Abrams April 13, 2026 01:39 PM 0 OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. The company said that on March 31, 2026, the legitimate workflow downloaded and executed a compromised Axios package (version 1.14.1) that was used in attacks to deploy malware on devices. That workflow had access to code-signing certificates used to sign OpenAI's macOS apps, including ChatGPT Desktop, Codex, Codex CLI, and Atlas. While OpenAI says its investigation found no evidence that the signing certificate was compromised, the company is treating it as potentially compromised out of caution and is now revoking and rotating it. "Out of an abundance of caution we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps. We found no evidence that OpenAI user data was accessed, that our systems or intellectual property was compromised, or that our software was altered," explains an OpenAI security advisory. "We are updating our security certificates, which will require all macOS users to update their OpenAI apps to the latest versions." macOS users will need to update their apps to versions signed with the new certificate, as older versions may stop working on May 8, 2026. OpenAI worked with a third-party incident response firm to conduct an investigation, which found no evidence that the incident exposed its certificates or that they were used to distribute malicious software. The company also analyzed previous notarization activity linked to the certificate and confirmed that everything signed with it was legitimate. However, if the attacker obtained the certificate, they could use it to sign their own macOS applications that appear to be legitimately signed by OpenAI. Therefore, to reduce the risk, OpenAI says it is working with Apple to ensure no future software can be notarized with the previous certificate. OpenAI says that the certificate will be fully revoked on May 8, after which attempts to launch applications signed with it will be blocked by macOS protections. OpenAI says the issue is limited to its macOS applications and does not affect its web services or apps on iOS, Android, Windows, or Linux. It also says user accounts, passwords, and API keys were not impacted. Users are advised to update via in-app features or the official download pages, and to avoid installing software from links sent via email, ads, or third-party sites. The company says it will continue monitoring for any signs that the old certificate is being misused and may speed up the revocation timeline if anything suspicious is detected. The Axios supply chain attack has been linked to North Korean threat actors tracked as UNC1069, who conducted a social engineering campaign against one of the project's maintainers. After conducting a fake web conference call that led to the installation of malware, the threat actors gained access to the maintainer's account and published malicious versions of the Axios package to npm. This malicious package included a dependency that installed a remote access trojan (RAT) on macOS, Windows, and Linux systems. According to researchers, the attackers approached developers through convincing fake collaboration setups, including Slack workspaces and Microsoft Teams calls, eventually tricking them into installing malware that led to credential theft and downstream supply chain compromises. The activity has been linked to a larger campaign to compromise popular open-source projects for widespread supply chain attacks. Automated Pentesting Covers Only 1 of 6 Surfaces. Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation. Get Your Copy Now Related Articles: Hackers compromise Axios npm package to drop cross-platform malwareCPUID hacked to deliver malware via CPU-Z, HWMonitor downloadsChatGPT rolls out new $100 Pro subscription to challenge ClaudeSmart Slider updates hijacked to push malicious WordPress, Joomla versionsNew macOS stealer campaign uses Script Editor in ClickFix attack
Indicators of Compromise
- malware — Axios npm package v1.14.1