Cybersecurity researchers have disclosed details of a new malicious package on the npm repository that works as a fully functional WhatsApp API, but also contains the ability to intercept every message and link the attacker’s device to a victim’s WhatsApp account.The package, named “lotusbail,” has been downloaded over 56,000 times since it was first uploaded to the registry by a user named “
First seen on thehackernews.com
Jump to article: thehackernews.com/2025/12/fake-whatsapp-api-package-on-npm-steals.html
