Popular NPM Package lotusbail Exposed as Trojan Stealing WhatsApp Chats
hackread.com
Koi Security uncovers lotusbail, a malicious npm package with 56K downloads that steals WhatsApp messages and installs a persistent backdoor. Learn how to protect your data.
Cybersecurity researchers from Koi Security have issued a major warning for anyone building or using applications that connect to WhatsApp. Their research has identified a popular piece of code that turned out to be a Trojan horse designed to hijack accounts and steal private data.
The malicious package, named lotusbail, has been downloaded over 56,000 times since May 2025. To appear legitimate, the developers behind it took “inspiration” from a trusted library called @whiskeysockets/baileys by copying its code. This functional cover is exactly why it was installed, tested, and deployed by developers for six months without suspicion.
How the Deception Worked
According to the technical report authored by Koi Security researcher Tuval Admoni, the malware acts like ...


