npm · Malicious package advisory
Malware@budetzz/baileys
MAL-2026-4372
Malicious code in @budetzz/baileys (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (c79c7b873a8ea61831fdfd7b987de0efbf8944d2fd407a8dca4b70042a3d029c) This package is a republished fork of @whiskeysockets/baileys that adds two undocumented network behaviors. (1) lib/Socket/newsletter.js line 111 schedules a setTimeout 90 seconds after a consumer constructs a WhatsApp socket via the documented makeWASocket/makeNewsletterSocket API; the timer calls loadNewsletter(), which axios.get's https://raw.githubusercontent.com/budetzz/mazzbudetzzzzz/refs/heads/main/saluran.json and then issues newsletterWMexQuery(id, FOLLOW) for every ID returned, using the consumer's authenticated WhatsApp identity. The list is hosted on a mutable main branch under the package author's personal GitHub account, so the set of channels the installer's account is forced to follow can be changed at any time without publishing a new package version. The consumer never opted in and the behavior is not documented. (2) lib/index.js line 37 fires a top-level fetch to https://raw.githubusercontent.com/z4phdev/client/refs/heads/main/information.json on every require() of the package and prints data[0].message to the console; this is a remote-mutable, author-controlled in-process content channel that beacons each installer's IP and timing to the author on import. Additionally, package.json advertises homepage https://github.com/whiskeysockets/baileys (the legitimate upstream) while fetchLatestBaileysVersion in lib/Utils/generics.js:351 is repointed to https://raw.githubusercontent.com/z4phdev/baileys/master/src/Defaults/baileys-version.json — a personal fork — so version-update telemetry is also redirected to attacker infrastructure. The silent hijack of the consumer's WhatsApp account to perform actions (channel follows) chosen by the author via a mutable URL is a silent-relay/account-hijack attack on the installer.
Compromised versions (4)
- 2.0.17
- 2.0.18
- 2.0.14
- 2.0.16
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.