After the GhostPairing attack, Meta-owned instant messaging platform WhatsApp is facing another major cyber attack. Cybersecurity researchers have issued a fresh warning to WhatsApp Web users and developers about a dangerous fake software package that can secretly spy on WhatsApp accounts, steal private messages and even give hackers long-term access.

According to a report by BleepingComputer, security researchers have found a malicious package on the Node Package Manager (NPM) that pretends to be a genuine WhatsApp Web API library. In reality, it is designed to spy on users and silently hand over control of their WhatsApp accounts to attackers.

The package, named lotusbail, is a modified version of a popular open-source WhatsApp library called Baileys. Because it works like a real WhatsApp Web tool, many developers installed it without suspecting anything. Over the past six months, the fake package has reportedly been downloaded more than 56,000 times.

According to researchers at Koi Security, the malware is extremely dangerous. Once installed, it can steal WhatsApp login tokens and session keys, read and record all messages sent and received, and copy contact lists, media files and shared documents.

In simple terms, every message passes through the attacker's system first. When a user logs in, their credentials are captured. When messages arrive or are sent, they are quietly recorded in the background.

What makes this threat more serious is that the malware can secretly link the attacker's device to the victim's WhatsApp account using WhatsApp's Linked Devices feature. This means that even if the malicious software is later removed, hackers may still have access to the account until the user manually removes unknown devices from WhatsApp settings.

Researchers also revealed that the package uses advanced tricks to hide its behaviour, making it difficult to analyse or detect during normal checks.

What should users and developers do now?

Anyone who has used this package should remove it immediately, check WhatsApp's Linked Devices section, and unlink any unknown devices. Developers are also advised not to trust new tools blindly and to monitor how software behaves after installation, not just its source code.
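To check whether a Node.js project pulled in lotusbail, directly, through another dependency, or under an alias, the sketch below searches a parsed package-lock.json for the package name. It is an added example, not code from the report or from Koi Security; the sample lockfile, the other package names and all version strings in it are constructed.

```javascript
// Constructed sample in the lockfileVersion 3 layout; every name except
// "lotusbail" and all version strings are made up for illustration.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-bot", dependencies: { "wa-helper": "^1.0.0" } },
    "node_modules/wa-helper": { version: "1.0.2", dependencies: { lotusbail: "*" } },
    "node_modules/wa-helper/node_modules/lotusbail": { version: "0.0.0-sample" },
    "node_modules/wa-client": { name: "lotusbail", version: "0.0.0-sample" },
    "node_modules/left-pad": { version: "1.3.0" },
  },
};

// Return every place `target` is installed, including transitive copies and
// copies installed under an npm alias (a different folder name).
function findPackage(lock, target) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // the root project itself
    const folderName = path.split("node_modules/").pop();
    const realName = meta.name || folderName; // "name" is present for aliases
    if (realName === target) hits.push({ path, version: meta.version });
  }
  // lockfileVersion 1: nested "dependencies" tree; aliases appear as
  // a version of the form "npm:<real-name>@<version>".
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const aliased = String(meta.version || "").startsWith(`npm:${target}@`);
      if (name === target || aliased) {
        hits.push({ path: [...trail, name].join(" > "), version: meta.version });
      }
      walk(meta.dependencies, [...trail, name]);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// For a real project, parse package-lock.json with JSON.parse and pass it in.
for (const hit of findPackage(sampleLock, "lotusbail")) {
  console.log(`lotusbail found at ${hit.path} (version ${hit.version})`);
}
```

A clean result only covers the current lockfile; if the package was ever installed, the Linked Devices check described above still applies.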



