Poisoned WhatsApp API package steals messages and accounts
And it's especially dangerous because the code works A malicious npm package with more than 56,000 downloads masquerades as a working WhatsApp Web API library, and then it steals messages, harvests credentials and contacts, and hijacks users' WhatsApp accounts.... [...]