The lotusbail npm package masquerades as a legitimate WhatsApp API library but contains sophisticated malware that steals user credentials, messages, and contacts. It captures data by intercepting communications and uses custom encryption to evade detection. Even after uninstalling the package, attackers retain access to compromised accounts.

A TypeScript framework for WhatsApp's Official API allows developers to create a WhatsApp bot by utilizing npm to install the module. It covers the setup process for obtaining API tokens, webhook configuration, and provides sample code for handling different message types and responses. Additional resources include documentation for various environments and contribution guidelines for enhancing the library.