A sophisticated malware campaign has compromised the npm registry through a malicious package that perfectly mimics legitimate WhatsApp API functionality while silently exfiltrating authentication credentials, messages, contacts, and media files from unsuspecting developers. The lotusbail package, addressed over 56,000 times during its six-month presence on npm, represents a dangerous evolution in supply chain attacks where […]

The post Malicious NPM Package Hits 56K Downloads, Steals WhatsApp Messages appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

Source: gbHackers
Source Link: https://gbhackers.com/malicious-npm-package-2/