Posts

More Than 56,000 WhatsApp Accounts Exposed by Malicious npm Package

A malicious package hosted on Node Package Manager (npm) has been downloaded more than 56,000 times while posing as a legitimate WhatsApp Web API library, allowing attackers to secretly access messages, media files, contacts and session credentials.

The package, identified by cybersecurity firm Koi Security, was published under the name lotusbail and masqueraded as a fork of the popular WhatsApp Web automation library WhiskeySockets Baileys, commonly used by developers to build bots.

According to researchers, the malware intercepts all incoming and outgoing messages by hijacking the legitimate WebSocket connection used by WhatsApp Web. It silently copies authentication tokens and session keys, while normal app functionality continues, making the attack difficult to detect.

Stolen data is encrypted using a custom RSA implementation before being exfiltrated, helping the malware evade network monitoring tools. The package also includes functionality to secretly link an attacker’s device to a victim’s WhatsApp account, granting persistent access to conversations.

Security experts warn that uninstalling the npm package removes the malicious code but does not automatically unlink the attacker’s device. Users are advised to manually review and remove unknown linked devices in WhatsApp’s settings to fully secure their accounts.

FBI Issues Urgent Warning for All Gmail Users Over New Cookie-Based Hack

The FBI has issued an urgent warning for Gmail users worldwide after detecting a new wave of cyberattacks exploiting a session cookie vulnerability that allows hackers to bypass two-factor authentication and gain full access to victims’ accounts.

With over 1.8 billion users globally, Gmail is one of the most popular email platforms — and also one of the most targeted by cybercriminals. According to the FBI, attackers are using sophisticated techniques to steal login cookies from infected devices, granting them access not just to Gmail accounts, but also to connected services like social media, online banking, and cloud storage.

The attack begins when victims unknowingly click malicious links or visit fake websites, downloading malware that silently extracts session cookies — files that store login information so users don’t have to re-enter passwords. Once stolen, these cookies allow hackers to impersonate users and access their accounts without needing credentials or authentication codes.

The FBI warns that this technique effectively neutralizes two-factor authentication, long considered one of the strongest security measures against account hijacking.

To protect users, the agency recommends:

  • Regularly deleting browser cookies.

  • Avoiding the “Remember this device” option when logging in.

  • Only visiting secure websites that use HTTPS.

  • Frequently checking account login history for suspicious activity.

Google has acknowledged that cookie theft affects users across the web and said it is developing new security measures to mitigate the threat, describing the attacks as part of a growing, lucrative cybercrime trend.

U.S. Investigates Malware Email Linked to China Targeting Trade Talks

U.S. authorities are probing a malware-laden email disguised as coming from Republican Representative John Moolenaar, aimed at infiltrating organizations connected to U.S.-China trade negotiations, the Wall Street Journal reported Sunday.

The July email was sent to trade groups, law firms, and government agencies, asking recipients to review draft legislation. Cyber analysts traced the malware to APT41, a hacking group widely believed to be linked to Chinese intelligence. Opening the attachment would have given hackers deep access to the targets’ systems.

Moolenaar, a vocal critic of Beijing and chair of a congressional committee on U.S.-China competition, said the incident was “another example of Chinese cyber operations aimed at stealing U.S. strategy,” adding: “We will not be intimidated.”

The attack coincided with sensitive trade talks in Sweden, which temporarily extended a tariff truce between Donald Trump and Xi Jinping until their expected November meeting at an Asian economic summit.

The Chinese embassy in Washington denied knowledge of the incident, stressing opposition to all cyberattacks while warning against “smearing others without solid evidence.”

The FBI confirmed it is working with partners to track those responsible. Meanwhile, the Capitol Police are investigating after staff on Moolenaar’s committee noticed unusual inquiries about the fake message.

The episode adds to mounting evidence of Beijing-linked cyber campaigns targeting U.S. institutions to gain insight into trade and national security deliberations.