Meta Faces Cybersecurity Challenges with Malicious Packages Targeting WhatsApp

Recent reports highlight significant cybersecurity challenges for Meta, as malicious npm packages target WhatsApp, risking user accounts and data. A malicious package named 'lotusbail' masquerades as a legitimate WhatsApp Web API library but contains harmful functionalities.

Discovered by Koi Security, 'lotusbail' has been available on npm since May 2025 and has accumulated over 56,000 downloads. The package can steal WhatsApp authentication tokens and intercept messages while also harvesting contacts and media files.

Notably, it links the attacker's device to the victim's WhatsApp account, enabling persistent access even after the package is uninstalled. Researchers emphasize that traditional security measures fail to detect such supply chain attacks, as they exploit the gap between functional code and malicious intent.

Developers are urged to remove the package and check for unauthorized linked devices within their WhatsApp settings, as the malware features anti-debugging capabilities to evade detection.