Dec 232025 Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens A malicious npm package posing as a WhatsApp API intercepts messages, steals credentials, and links attacker devices after 56,000 downloads.
