
Poisoned WhatsApp API package steals messages and accounts

(2025/12/22)


A malicious npm package with more than 56,000 downloads masquerades as a working WhatsApp Web API library while it steals messages, harvests credentials and contacts, and hijacks users' WhatsApp accounts.

According to Koi Security, the lotusbail npm package has been available for download for six months, and it's especially dangerous because the code works.

"This one actually functions as a WhatsApp API," Koi Security researcher Tuval Admoni [1]said in a Sunday blog. "It's based on the legitimate Baileys library and provides real, working functionality for sending and receiving WhatsApp messages."


In addition to working as advertised, the secret-stealing library, a fork of the legitimate @whiskeysockets/baileys package, talks to WhatsApp over a WebSocket.

That design means every WhatsApp communication passes through the library's socket wrapper, which lets it capture your credentials when you log in and intercept messages as they are sent and received.

"All your WhatsApp authentication tokens, every message sent or received, complete contact lists, media files - everything that passes through the API gets duplicated and prepared for exfiltration," Admoni wrote.


The malware also uses a custom RSA implementation to encrypt the data, plus four layers of obfuscation - Unicode manipulation, LZString compression, Base-91 encoding, and AES encryption - before sending the stolen info to an attacker-controlled server.

Plus, it backdoors the user's WhatsApp account via the chat app's device pairing process, linking the attacker's device to the victim's. This means even after uninstalling the malicious npm package, the attacker's device can remain linked to the unknowing user's WhatsApp account.
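As an added defender-side example (not code from the article or from Koi Security), the following Node.js script scans a package-lock.json for a blocklisted package such as lotusbail and reports the dependency chain that pulled it into node_modules, so a transitive pull-in is not missed. The lockfile and the "wa-helper" package in it are constructed for the example.

```javascript
// "lotusbail" is the package named in the article; extend from your own intel.
const BLOCKLIST = new Set(["lotusbail"]);
// Constructed sample package-lock.json (lockfileVersion 3 "packages" map), not a
// real project's: hypothetical "wa-helper" pulls in lotusbail transitively.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { "wa-helper": "^1.0.0", ws: "^8.0.0" } },
    "node_modules/wa-helper": { version: "1.0.0", dependencies: { lotusbail: "*" } },
    "node_modules/lotusbail": { version: "1.0.0", dependencies: { ws: "^8.0.0" } },
    "node_modules/ws": { version: "8.0.0" },
  },
};
// Package name = text after the last "node_modules/" (keeps @scope/pkg); "" is root.
function nameFromPath(path) {
  const m = "node_modules/";
  return path === "" ? "<root>" : path.slice(path.lastIndexOf(m) + m.length);
}
// Reverse edges: dependency name -> set of package names that declare it.
function buildReverseGraph(lock) {
  const parents = new Map();
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    for (const dep of Object.keys(entry.dependencies || {})) {
      if (!parents.has(dep)) parents.set(dep, new Set());
      parents.get(dep).add(nameFromPath(path));
    }
  }
  return parents;
}
// Shortest root -> ... -> target chain via BFS over reverse edges, or null.
function dependencyChain(lock, target) {
  const parents = buildReverseGraph(lock);
  const queue = [[target]], seen = new Set([target]);
  while (queue.length) {
    const chain = queue.shift();
    if (chain[0] === "<root>") return chain;
    for (const p of parents.get(chain[0]) || []) {
      if (!seen.has(p)) { seen.add(p); queue.push([p, ...chain]); }
    }
  }
  return null;
}
// One finding per installed blocklisted package, with the chain that pulled it in.
function scanLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = nameFromPath(path);
    if (BLOCKLIST.has(name)) findings.push({ name, version: entry.version, chain: dependencyChain(lock, name) });
  }
  return findings;
}
console.log(JSON.stringify(scanLockfile(SAMPLE_LOCK), null, 2));
```

Because the article notes that the attacker's paired device survives uninstalling the package, a hit here should also trigger a review of linked devices on the affected WhatsApp accounts, not just a dependency bump.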

[6]CEO spills the Tea about massive token farming campaigns

[7]Shai-Hulud worm returns, belches secrets to 25K GitHub repos

[8]Ripple NPM supply chain attack hunts for private keys

[9]Crims poison 150K+ npm packages with token-farming malware

This latest poisoned package illustrates the ever-growing supply chain risk and follows several cases of [10]cryptocurrency, [11]credential and other [12]secret-stealing npm libraries, plus bots flooding the registry with spammy packages in massive token farming campaigns.

The Register recently [13]spoke with Tea co-founder and CEO Tim Lewis about these incidents after more than [14]150,000 malicious npm packages, all linked to a Tea token farming campaign, forced the founders to shut down the incentive program's rewards and redesign the protocol ahead of its mainnet launch in early 2026.

"I view this as a canary in the coal mine," Lewis said. "When you are a destructive organization ... there's incentive to use this same technique to attack [supply chains]. So we need to fix the core." ®




[1] https://www.koi.ai/blog/npm-package-with-56k-downloads-malware-stealing-whatsapp-messages


[6] https://www.theregister.com/2025/12/17/tea_ceo_fends_off_token_farmers/

[7] https://www.theregister.com/2025/11/24/shai_hulud_npm_worm/

[8] https://www.theregister.com/2025/04/23/ripple_npm_supply_chain/

[9] https://www.theregister.com/2025/11/14/selfreplicating_supplychain_attack_poisons_150k/

[10] https://www.theregister.com/2025/04/23/ripple_npm_supply_chain/

[11] https://www.theregister.com/2025/10/30/phantomraven_npm_malware/

[12] https://www.theregister.com/2025/11/24/shai_hulud_npm_worm/

[13] https://www.theregister.com/2025/12/17/tea_ceo_fends_off_token_farmers/

[14] https://www.theregister.com/2025/11/14/selfreplicating_supplychain_attack_poisons_150k/




Tea?!

Joe W

Like... the app? The one that spilled a very generous amount of quite sensitive data of women? The ones they purported to protect? Like... data that they should have deleted already? Just from a data storage point of view, data should be stored only for the communicated reason and then only as long as strictly necessary. Bunch of, well, eejits, I think.

Or is this another company, with some unfortunate name conflict?
