Worrying WhatsApp attack can steal messages and even accounts - here's how to stay safe from "poisoned" attack

• Malicious NPM package lotusbail hijacks WhatsApp accounts, stealing tokens, messages, and contacts
• Attackers link their device via WhatsApp pairing, persisting even after package removal
• Package had 56,000+ downloads before discovery; developers urged to verify sources carefully

Node Package Manager (NPM) registry users are being targeted with malware that takes over their WhatsApp accounts, steals messages, and contacts lists, experts have warned.

Cybersecurity researchers Koi Security recently discovered a fork of the popular WhiskeySockets Baileys project, an open source TypeScript/JavaScript library that provides a WebSocket-based API for interacting with the WhatsApp Web protocol, letting developers programmatically connect to WhatsApp as a companion device.

The malicious fork, named ‘lotusbail’ has all the same functionality as the legitimate project, but it also steals WhatsApp authentication tokens and session keys. Furthermore, it intercepts and records all messages, pulls contacts, media files, and all other documents, to a ...