Malicious npm package steals WhatsApp accounts and messages

A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal ...
The Hacker News

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

A malicious npm package posing as a WhatsApp API intercepts messages, steals credentials, and links attacker devices after 56 ...
The Hacker News

Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale

Android attackers use fake apps and droppers to spread the Wonderland SMS stealer, stealing OTPs, SMS data, and bank funds, ...

What is ‘GhostPairing’, new scam that can ‘hijack’ WhatsApp account without password?

GhostPairing enables cybercriminals to gain full access to WhatsApp accounts without requiring passwords or SIM card changes.