Malicious npm package 'lotusbail' steals WhatsApp data after 56k downloads
A sneaky software package called lotusbail, disguised as a legit WhatsApp tool, has been downloaded over 56,000 times in the past six months.
Researchers at Koi Security found it's actually stealing users' private WhatsApp info.
How does 'lotusbail' work?
While acting like a normal WhatsApp library, lotusbail secretly grabs your messages, contacts (including phone numbers), session keys, and shared media.
It encrypts the stolen data before sending it to the attackers, so most people never notice anything is wrong.
Why is it hard to spot?
Lotusbail doesn't just steal data—it also plants a backdoor by hijacking the device pairing process.
Even if you uninstall it, the attacker might still have access.
Plus, with code tricks that freeze debugging tools, this malware managed to hide out for six months.
What should you do now?
If you've used lotusbail or aren't sure, uninstall it right away and double-check your WhatsApp Linked Devices for anything suspicious.
Developers are being urged to watch out for weird network activity—not just scan the code—since this threat was pretty stealthy.