{ads}

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

Written By Monday, 22 December 2025 Add Comment



December 22, 2025 at 09:58PM

Cybersecurity researchers have disclosed details of a new malicious package on the npm repository that works as a fully functional WhatsApp API, but also contains the ability to intercept every message and link the attacker's device to a victim's WhatsApp account. The package, named "lotusbail," has been downloaded over 56,000 times since it was first uploaded to the registry by a user named "

from The Hacker News https://ift.tt/a2P4IAE

0 Response to "Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens"

Post a Comment

Subscribe to: Post Comments (Atom)

Article Top Ads

Central Ads Article 1

Middle Ads Article 2

Article Bottom Ads