NPM package with 56,000 downloads compromises WhatsApp accounts

securityaffairs.com

cross-posted to:
cybersecurity

NPM package with 56,000 downloads compromises WhatsApp accounts

securityaffairs.com

Resident PulserB to

Pulse of TruthEnglish · 25 days ago

cross-posted to:
cybersecurity

An NPM package with over 56,000 downloads stole WhatsApp credentials, hid its activity, and installed a backdoor.

An NPM package with over 56,000 downloads stole WhatsApp credentials, hid its activity, and installed a backdoor. Koi Security researchers warned that the NPM package ‘Lotusbail’, a WhatsApp Web API library and fork of ‘Baileys’, has been stealing users’ credentials and data. The package has been available for six months and has had over 56,000 […]

You must log in or # to comment.

Chat

Pulse of Truth

pulse_of_truth

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !pulse_of_truth@infosec.pub

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

34 users / day
256 users / week
853 users / month
2.88K users / 6 months
184 local subscribers
1.93K subscribers
4.6K Posts
3.26K Comments
Modlog

mods:
krogoth