this post was submitted on 28 Dec 2025

Koi Security researchers warned that the NPM package ‘Lotusbail’, a WhatsApp Web API library and fork of ‘Baileys’, has been stealing users’ credentials and data.

The package has been available for six months and has had over 56,000 downloads. Lotusbail supports sending and receiving WhatsApp messages, wrapping the legitimate WebSocket client so all messages pass through it first, enabling the malicious capture of information.

The Lotusbail npm package works as a fully functional WhatsApp API, making it hard to detect because it is based on the legitimate Baileys library. It wraps WhatsApp’s WebSocket client, intercepting credentials, messages, contacts, and media while continuing normal operations.
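A defender's check for the package named in this post, as an added example that is not part of the original post or of Koi Security's research: it walks a parsed `package-lock.json` (both lockfile layouts) and reports direct or transitive installs of a flagged name. The lowercase registry name `lotusbail`, the function names and the sample lockfile are assumptions made for illustration.

```javascript
// Added example: audit a parsed package-lock.json for a flagged package name.
// Assumption: the registry name is the lowercase form "lotusbail".
const FLAGGED = new Set(["lotusbail"]);

// lockfileVersion 2/3: keys of "packages" are paths such as
// "node_modules/a/node_modules/b"; the package name is whatever follows the
// last "node_modules/" (this keeps scoped names like "@scope/pkg" intact).
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// Returns [{ name, version, via }] for every direct or transitive hit.
function findFlagged(lock, flagged = FLAGGED) {
  const hits = [];
  const isFlagged = (n) => typeof n === "string" && flagged.has(n.toLowerCase());

  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // An aliased install keeps the real package name in meta.name.
    const name = (meta && meta.name) || nameFromPath(path);
    if (isFlagged(name)) hits.push({ name, version: meta.version, via: path });
  }

  // lockfileVersion 1 has no "packages" map, only nested "dependencies".
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const next = [...trail, name];
      if (isFlagged(name)) hits.push({ name, version: meta.version, via: next.join(" > ") });
      walk(meta.dependencies, next);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (not taken from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-bot", version: "1.0.0" },
    "node_modules/express": { version: "4.18.2" },
    "node_modules/chat-helper/node_modules/lotusbail": { version: "0.0.0-sample" },
  },
};
console.log(findFlagged(sampleLock));
```

To audit a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findFlagged`. A hit means the package was installed at some point, so any WhatsApp session it handled should be treated as exposed.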
