The Silent Sync: How the “lotusbail” npm Package Hijacks WhatsApp Accounts
A malicious package named lotusbail has been uncovered in the npm repository, masquerading as a library for working with WhatsApp Web while quietly siphoning conversations and granting attackers persistent access to user accounts. According...
