WhatsApp Woes: Malicious npm Package “Lotusbail” Hijacks Your Chat and Your Trust
Cybersecurity researchers have uncovered a new npm package, “lotusbail,” masquerading as a legitimate WhatsApp API but secretly intercepting messages and linking the attacker’s device to victims’ accounts. With over 56,000 downloads, it’s like a sneaky ninja, silently pilfering your WhatsApp secrets while you think you’re just coding.
Hot Take:
Looks like the npm repository decided to moonlight as a WhatsApp whisperer, with “lotusbail” taking the stage as the latest villain in the WhatsApp saga. Move over, James Bond; there’s a new spy in town, and it’s got your group chat gossip in its crosshairs. Who knew your npm downloads could come with a free side of espionage? Next time you’re tempted to download a “helpful” library, remember: if it smells like malware and intercepts like malware… it’s probably malware.
Key Points:
- npm’s “lotusbail” masquerades as a WhatsApp API but is a full-fledged spy in disguise.
- It steals WhatsApp credentials and intercepts messages, linking an attacker’s device to the victim’s account.
- The library has been downloaded over 56,000 times.
- Anti-debugging features and a hard-coded pairing code make it a persistent threat.
- ReversingLabs also reported malicious NuGet packages targeting the crypto ecosystem.