Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Search
Banner Mobile V1
970x120
131 WhatsApp Web Chrome Extensions Used for Mass Spam Discovered

131 WhatsApp Web Chrome Extensions Used for Mass Spam Discovered

Redazione RHC : 22 October 2025 15:04

Researchers discovered 131 extensions for automating WhatsApp Web in the official Chrome store. All were being used to send mass spam to Brazilian users.

According to Socket analysts, all these extensions share the same code base, design patterns, and infrastructure. Together, they have approximately 20,905 active users.

“This isn’t classic malware; it’s a high-risk, automated spam campaign that violates the platform’s rules,” explains Kirill Boychenko, Socket specialist. “The code is injected directly into the WhatsApp web page, working with WhatsApp scripts to automate mass mailings and schedule them, thus bypassing spam protection.”

The ultimate goal of this campaign is to send mass messages via WhatsApp in order to bypass the platform’s message rate limits and spam protection. The researchers write that this activity has been ongoing for at least nine months, with new downloads and extension updates observed only on October 17, 2025.

Each extension uses a different name and logo , but most are published by developers WL Extensão and WLExtensao. Sometimes, the extensions are advertised as CRM tools for WhatsApp, promising to maximize sales through the web version of the messenger.

Experts believe that these branding differences are the result of franchising, which allows extension operators to flood the Chrome Web Store with clones of the original ZapVende extension created by DBX Technology.

“Turn WhatsApp into a powerful sales and contact management tool. With Zap Vende, you’ll have access to an intuitive CRM, message automation, mass email sending, a visual sales funnel, and much more,” reads the description of an extension in the Chrome Web Store. “Organize customer service, track leads, and schedule messages conveniently and effectively.”

According to Socket, DBX Technology advertises a white-label reseller program that allows potential partners to rebrand and sell the WhatsApp Web extension under their own brand. Researchers note that this violates the Chrome Web Store’s anti-spam and anti-abuse policy . Specifically, developers and their partners are prohibited from hosting multiple extensions with duplicate functionality on the platform.

Additionally, DBX was discovered to have posted videos on YouTube on how to bypass WhatsApp’s anti-spam algorithms when using such extensions.

Immagine del sitoRedazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.

Lista degli articoli