Skip to main content
New Year’s Sale — Build a balanced news diet with 40% off Vantage
Get Started
SubscribeLogin
Published loading...Updated

Poisoned WhatsApp API Package Steals Messages and Accounts

The lotusbail package, downloaded over 56,000 times, steals WhatsApp tokens and messages, granting attackers persistent access via device pairing until manually revoked.

Summary by The Register
: And it's especially dangerous because the code works

9 Articles

Tech RadarTech Radar
Center

Worrying WhatsApp attack can steal messages and even accounts - here's how to stay safe from "poisoned" attack

A fork of a popular project was found on npm, but not before it amassed tens of thousands of downloads.

·United Kingdom
Read Full Article
OKDIARIOOKDIARIO
Right

Alert by Malware on Whatsapp: a Simple Add-on Steals Messages without Anyone Noticing It

The latest case of malware on WhatsApp shows that the danger no longer comes only through strange links or dubious attachments. Sometimes, the problem is much further back, at the very origin of some apps we use daily. Recent research has uncovered how a seemingly legitimate add-on has been able to steal private messages without users or developers noticing for months. A malware that does not attack the user, but at the origin of apps The warnin…

Read Full Article
The RegisterThe Register
Center

Poisoned WhatsApp API package steals messages and accounts

: And it's especially dangerous because the code works

Read Full Article
BleepingComputerBleepingComputer
Center

Malicious npm package steals WhatsApp accounts and messages

A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal WhatsApp messages, collect contacts, and gain access to the account.

Read Full Article
TechJuiceTechJuice

Developers Hit as Fake WhatsApp API Package Emerges on npm

Security researchers discovered a fake WhatsApp API package on npm that steals developer credentials, raising fresh alarms about the growing risks facing the open source software supply chain. The malicious package impersonated a legitimate WhatsApp API library and actively harvested sensitive information from unsuspecting developers who installed it, highlighting how threat actors continue to exploit […] The post Developers Hit as Fake WhatsApp…

Read Full Article
CSO OnlineCSO Online
Reposted by
InfoWorldInfoWorld

WhatsApp API worked exactly as promised, and stole everything

Security researchers have uncovered a malicious npm package that poses as a legitimate WhatsApp Web API library while quietly stealing messages, credentials, and contact data from developer environments. The package, identified as “lotusbail,” operates as a trojanized wrapper around a genuine WhatsApp client library and had accumulated more than 50k downloads by the time it was flagged by Koi Security. “With over 56000 downloads and functional c…

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 75% of the sources are Center
75% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

BleepingComputer broke the news in on Monday, December 22, 2025.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

WhatsApp icon

WhatsApp

Cyberattacks icon

Cyberattacks

Security icon

Security

Cybersecurity icon

Cybersecurity

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal