A Fake MCP Server Just Exposed Your WhatsApp History
A security researcher introduced a malicious MCP server into an environment that already had a legitimate WhatsApp integration—and watched it silently expose message history without any user approval.
The technique is called a rug pull. The server advertised one behavior at installation. On second usage, it switched to something else entirely. The approval was real. The thing you approved was not.
This is what trust decay looks like in practice—and it passes every classical security check.
#MaliciousMCP #WhatsAppPrivacy #AIAgents #ZeroTrust