ADVERTISEMENT

Code that works can also be malware: this WhatsApp API is stealing messages

A popular WhatsApp library trusted by tens of thousands of developers was quietly spying on messages, contacts, and credentials, maintaining access even after being uninstalled.

WhatsApp API malware
Paulina Okunytė
Paulina Okunytė Senior Journalist
Dec 23, 2025 Updated: 30 December 2025 2 min read
WhatsApp Web API
Source: Koi

What the fake WhatsApp API steals:

  • Authentication tokens and session keys
  • Entire message history
  • Full contact lists with phone numbers
  • Media files and documents
  • Persistent backdoor access to your WhatsApp account
ADVERTISEMENT

Have access to your WhatsApp even after deletion

Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.

ADVERTISEMENT