Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

A malicious npm package named lotusbail has been discovered that functions as a WhatsApp API but secretly steals messages, contacts, and login tokens. The package, downloaded over 56,000 times, hijacks the device linking process to maintain persistent access to a victim’s WhatsApp account, even after the package itself has been uninstalled.

Edward Kiledjian @ekiledjian