Cybersecurity researchers have uncovered a malicious package in the npm repository, posing as a legitimate WhatsApp API tool while secretly compromising user accounts. Named "lotusbail," this package has been downloaded over 56,000 times since its appearance in May 2025, with 711 downloads recorded in just the last week.
Once integrated into a project, the package operates by stealing WhatsApp credentials and intercepting messages. It also collects contacts and other sensitive information, transmitting everything back to the attacker’s server in encrypted form. This is achieved through a deceptive WebSocket wrapper that reroutes authentication and messaging data, allowing attackers to gain complete access to the victim’s WhatsApp account.
What sets the attack apart is that it establishes a persistent backdoor by hijacking WhatsApp's device-linking process with a hard-coded pairing code. As a result, even if the package is removed, the attacker’s device remains linked to the victim’s account, granting continued access without detection.
Koi Security researcher Tuval Admoni highlighted that the library was inspired by a legitimate TypeScript library for the WhatsApp Web API. The case underscores the risks associated with supply chain attacks, where malicious code can masquerade as safe software, evading traditional security measures.
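To check whether a project pulls in the package named above, directly or through another dependency, the following added example (not code from the article or from the researchers) searches parsed `package-lock.json` data in both the flat v2/v3 layout and the nested v1 layout, including aliased installs. The sample lockfiles, their version strings and the names `demo-app`, `chat-helper` and `wa` are constructed for illustration.

```javascript
// Added example, not from the article: search parsed npm lockfile data for a package.
const SUSPECT = "lotusbail"; // package name reported in the article

// Returns [{ path, version }] for every install of `name`, direct or transitive.
function findPackage(lock, name = SUSPECT) {
  const hits = [];
  const packages = Object.entries(lock.packages || {});
  if (packages.length > 0) {
    // Lockfile v2/v3: flat map keyed by install path, e.g.
    // "node_modules/a/node_modules/lotusbail". An aliased install keeps the
    // real package name in the entry's "name" field.
    for (const [path, meta] of packages) {
      const folder = path.split("node_modules/").pop();
      if (path !== "" && (folder === name || meta.name === name)) {
        hits.push({ path, version: meta.version || null });
      }
    }
    return hits;
  }
  // Lockfile v1: nested "dependencies" tree; an alias appears as a
  // version string of the form "npm:<real-name>@<version>".
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const version = String(meta.version || "");
      if (dep === name || version.startsWith(`npm:${name}@`)) {
        hits.push({ path: [...trail, dep].join(" > "), version: version || null });
      }
      walk(meta.dependencies, [...trail, dep]);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (names and versions are made up for the demo).
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", dependencies: { "chat-helper": "^1.0.0" } },
  "node_modules/chat-helper": { version: "1.0.0" },
  "node_modules/chat-helper/node_modules/lotusbail": { version: "0.0.0-sample" },
  "node_modules/wa": { name: "lotusbail", version: "0.0.0-sample" }, // aliased install
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  "chat-helper": { version: "1.0.0", dependencies: {
    lotusbail: { version: "0.0.0-sample" } } },
  express: { version: "4.18.2" },
} };

console.log(findPackage(sampleV3), findPackage(sampleV1));
```

For a real project, pass in `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`. A hit calls for more than uninstalling: as described above, the attacker's linked device stays on the WhatsApp account after the package is removed, so the account's linked devices need to be reviewed as well.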
In a related note, ReversingLabs recently reported on 14 malicious NuGet packages targeting the crypto environment, capable of siphoning transaction funds or exfiltrating sensitive data like private keys.
These incidents reflect an ongoing trend where attackers leverage trusted platforms and tools to infiltrate systems, emphasizing the need for enhanced vigilance in cybersecurity practices.