MalwareDec 28, 2025•4 min read
Malicious npm Package 'lotusbail' Hijacked WhatsApp Accounts for Six Months
Supply chain attack disguised as working WhatsApp API library stole credentials, messages, and linked attacker devices to victim accounts. 56,000+ downloads since May.
James Rivera