
Lotusbail npm package found to be harvesting WhatsApp messages and contacts


The lotusbail npm package presents itself as a WhatsApp Web API library - a fork of the legitimate @whiskeysockets/baileys package. With over 56,000 downloads and functional code that actually works as advertised, it's the kind of dependency developers install without a second thought.

