Your Code Is Not Safe: Malicious NPM Packages Are Deleting Files
Two malicious packages have been discovered in the NPM ecosystem, disguised as libraries for building bots and automated services using the WhatsApp Business API. Identified by researchers at Socket, these modules mimicked popular WhatsApp libraries and, since their publication last month, have been downloaded more than 1,100 times. Despite takedown requests and complaints against their author, known as nayflore, both packages remain available in the NPM registry.
The malicious modules are named naya-flore and nvlore-hsc. The same author maintains five additional packages—nouku-search, very-nay, naya-clone, node-smsk, and @veryflore/disc—which currently contain no malicious code. However, experts caution that dangerous functionality could be introduced at any time via an update.
All of these projects mimic the style and naming conventions of legitimate libraries used to create bots and automation services around the WhatsApp Business API, whose demand has surged with the widespread adoption of WhatsApp’s cloud API for business communications.
Inside naya-flore and nvlore-hsc, a function named requestPairingCode is ostensibly intended to handle WhatsApp pairing, but in reality it downloads a Base64-encoded JSON file from a GitHub address. This file contains a list of Indonesian phone numbers whose owners are excluded from targeting. For all other users, the package executes the command rm -rf, resulting in the complete deletion of all files in the current directory—effectively destroying the developer’s working codebase.
In addition to this destructive logic, both packages contain a commented-out function, generateCreeds, capable of sending the victim’s phone number, device ID, status, and a hardcoded key to a remote server. Although currently disabled, its presence suggests possible future plans for data exfiltration.
The case of naya-flore and nvlore-hsc demonstrates that targeted attacks on developers are becoming increasingly selective and destructive. The kill switch mechanism, controlled via GitHub, allows attackers to dynamically update their target list and strike only chosen systems, reducing the risk of early detection.
This approach underscores the critical need for thorough vetting of all third-party dependencies—especially those requesting parameters that are not strictly necessary for their advertised functionality.