VYPR

npm · Malicious package advisory

Malware

@budetzz/baileys

MAL-2026-4372

Malicious code in @budetzz/baileys (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (c79c7b873a8ea61831fdfd7b987de0efbf8944d2fd407a8dca4b70042a3d029c)
This package is a republished fork of @whiskeysockets/baileys that adds two undocumented network behaviors. (1) lib/Socket/newsletter.js line 111 schedules a setTimeout 90 seconds after a consumer constructs a WhatsApp socket via the documented makeWASocket/makeNewsletterSocket API; the timer calls loadNewsletter(), which axios.get's https://raw.githubusercontent.com/budetzz/mazzbudetzzzzz/refs/heads/main/saluran.json and then issues newsletterWMexQuery(id, FOLLOW) for every ID returned, using the consumer's authenticated WhatsApp identity. The list is hosted on a mutable main branch under the package author's personal GitHub account, so the set of channels the installer's account is forced to follow can be changed at any time without publishing a new package version. The consumer never opted in and the behavior is not documented. (2) lib/index.js line 37 fires a top-level fetch to https://raw.githubusercontent.com/z4phdev/client/refs/heads/main/information.json on every require() of the package and prints data[0].message to the console; this is a remote-mutable, author-controlled in-process content channel that beacons each installer's IP and timing to the author on import. Additionally, package.json advertises homepage https://github.com/whiskeysockets/baileys (the legitimate upstream) while fetchLatestBaileysVersion in lib/Utils/generics.js:351 is repointed to https://raw.githubusercontent.com/z4phdev/baileys/master/src/Defaults/baileys-version.json — a personal fork — so version-update telemetry is also redirected to attacker infrastructure. The silent hijack of the consumer's WhatsApp account to perform actions (channel follows) chosen by the author via a mutable URL is a silent-relay/account-hijack attack on the installer.

Compromised versions (4)

  • 2.0.17
  • 2.0.18
  • 2.0.14
  • 2.0.16

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.