OpenAI Revokes Certificate for macOS Application After Axios Malicious Supply Chain Incident

Summary: OpenAI revoked the signing certificate for its macOS application following an incident involving TeamPCP that allowed the download and execution of a malicious version of the Axios package.

OpenAI has taken drastic measures after detecting a breach in its supply chain, revoking the signing certificate for its macOS application. The incident, linked to TeamPCP, highlights the increasing sophistication of attacks on open software ecosystems.

What Happened?

OpenAI revoked the signing certificate of its macOS application after confirming a supply chain incident. The issue arose from downloading a malicious version of the popular Axios package.

Although the company states that there is no evidence of unauthorized access to user data or breaches in its internal systems, it has chosen to treat the certificate as compromised out of caution.

Technical Details: The Backdoor "WAVESHAPER.V2"

OpenAI's internal investigation revealed a complex technical operation:

  • Attack vector: The malware was introduced through a GitHub Actions workflow used in the application certification process.

  • The threat: The infected package implanted a backdoor called WAVESHAPER.V2, compatible with Windows, macOS, and Linux systems.

  • Immediate actions: OpenAI collaborated with Apple and npm to block the use of the compromised certificate and prevent new malicious software notifications.

What Users Need to Know

The main impact falls on macOS desktop application users:

  • Cutoff date: Starting May 8, 2026, older versions of the application will no longer receive support or updates.

  • Security blocking: Starting on that date, the macOS operating system will block the execution of software signed with the previous certificate.

  • Action required: It is crucial to update the application to the latest available version before the cutoff date to ensure service continuity.

The Threat Landscape: TeamPCP

The group responsible, TeamPCP, has shown a persistent interest in corrupting supply chains. According to OpenAI, the techniques employed by these actors include:

  1. Credential exfiltration.

  2. Use of self-propagating malware.

  3. Exploitation of critical dependencies in open source projects.

Note to developers: Transparency in dependency management and constant monitoring of libraries used in each project are now more crucial than ever for cybersecurity.

Key facts

  • OpenAI revoked the signing certificate for its macOS application.
  • The incident involved the download and execution of a malicious version of the Axios package in a GitHub Actions workflow.
  • No evidence of unauthorized access to user data or breaches in internal systems was reported.

Why it matters

This situation highlights the importance of continuous supply chain surveillance and the need for regular software updates to protect against emerging threats. Users and developers must remain vigilant for potential vulnerabilities in the open development ecosystem.
