A coordinated spam campaign targeting WhatsApp Web users has been uncovered, involving 131 Chrome extensions repackaged to look like legitimate marketing tools.
Quick Summary – TLDR:
- 131 Chrome extensions were used to automate spam on WhatsApp Web
- All extensions were clones of a single tool repackaged under various brand names
- The scheme was linked to Brazilian companies using a white-label reseller model
- Google has been urged to take down the extensions for violating its spam policies
What Happened?
Cybersecurity researchers at Socket revealed widespread abuse of the Chrome Web Store, where 131 extensions were secretly working to automate spam campaigns on WhatsApp Web. While posing as productivity or CRM tools, these extensions injected scripts into WhatsApp Web to bypass its anti-spam protections.
🚨 131 Chrome extensions were caught turning WhatsApp Web into spam bots.
They look like “CRM tools,” but secretly send bulk messages.
Over 20,000 users already installed them.
Full details ↓ https://t.co/Vw9AhWqQ10
— The Hacker News (@TheHackersNews) October 20, 2025
Coordinated Chrome Abuse Linked to Brazilian Resellers
The 131 extensions, though different in name and branding, were all built from the same codebase and shared identical infrastructure. Researchers identified that these extensions were mostly published by two developer accounts linked to a Brazilian company, Grupo OPT. Most of them were labeled under “WL Extensão” or a variation of it.
Notably, the software behind these spam tools originated from a company called DBX Tecnologia, which offered a white-label reseller program. This allowed affiliates to rebrand the core extension and market it as their own. According to promotional materials, for a R$12,000 investment (roughly USD $2,180), resellers were promised recurring monthly revenues between R$30,000 and R$84,000 (USD $5,450 to $15,270).
Extensions Masquerading as Sales Tools
While the plugins promoted features like contact management and bulk messaging for small businesses, they were actually automating unsolicited message blasts. These messages were sent without user confirmation, making them non-compliant with WhatsApp’s Business Messaging Policy, which requires opt-in.
Some extensions uncovered include:
- YouSeller (10,000 users)
- performancemais (239 users)
- Botflow (38 users)
- ZapVende (32 users)
Despite unique branding, all extensions connected to the same backend servers controlled by DBX, meaning user activity and data were funneled to one system regardless of the extension used.
Ongoing Updates and Detection Evasion
The spamware operation appears to have been active for at least nine months, with fresh uploads and updates continuing as recently as October 17, 2025. Socket’s analysis shows that new clones were regularly added in waves to evade detection by Chrome’s security mechanisms.
Each extension injected JavaScript directly into WhatsApp Web pages. This code ran alongside WhatsApp’s scripts to enable scheduled messages and mass outreach features. Socket described the setup as “high-risk spam automation that abuses platform rules.”
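For defenders auditing installed extensions, both traits described above (content scripts injected into WhatsApp Web, and one codebase shipped under many brand names) can be checked from the extension manifests and script files. The Python below is an added example, not code from Socket or from this article; the extension names and script bodies are constructed placeholders, and it relies only on the standard `content_scripts`, `matches` and `js` manifest keys.

```python
import hashlib
from collections import defaultdict
TARGET = "web.whatsapp.com"

def covers(pattern, host=TARGET):
    """True if a Chrome match pattern applies to https://<host>/."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "https"):
        return False
    pat_host = rest.split("/", 1)[0]
    if pat_host.startswith("*."):  # wildcard subdomain, also matches the bare domain
        return host == pat_host[2:] or host.endswith(pat_host[1:])
    return pat_host in ("*", host)

def injected_scripts(manifest):
    """JS files the manifest declares as content scripts for TARGET."""
    return [js for cs in manifest.get("content_scripts", [])
            if any(covers(p) for p in cs.get("matches", []))
            for js in cs.get("js", [])]

def cluster_by_injected_code(extensions):
    """Map sha256 of injected code -> names, for {name: (manifest, {path: bytes})}."""
    clusters = defaultdict(list)
    for name, (manifest, files) in sorted(extensions.items()):
        scripts = injected_scripts(manifest)
        if scripts:
            digest = hashlib.sha256()
            for path in sorted(scripts):
                digest.update(files.get(path, b""))
            clusters[digest.hexdigest()].append(name)
    return dict(clusters)

def rebranded_clones(extensions):
    return [n for n in cluster_by_injected_code(extensions).values() if len(n) > 1]

def _ext(matches, js, body):  # helper for building constructed sample entries
    return ({"manifest_version": 3, "content_scripts": [{"matches": matches, "js": [js]}]},
            {js: body})

# Constructed sample: hypothetical names and placeholder script bodies.
SHARED = b"/* constructed stand-in for one shared automation script */"
SAMPLE = {
    "Brand A CRM": _ext(["https://web.whatsapp.com/*"], "inject.js", SHARED),
    "Brand B Sales": _ext(["*://*.whatsapp.com/*"], "inject.js", SHARED),
    "Notes Helper": _ext(["https://example.com/*"], "notes.js", b"/* constructed */"),
    "Page Styler": _ext(["<all_urls>"], "style.js", b"/* constructed, unrelated */"),
}
```

Exact hashing only groups byte-identical scripts; rebranded builds that change embedded strings need normalization or fuzzy hashing before comparison.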
Google Notified of Violations
Socket has filed takedown requests with Google, flagging the publisher accounts for violating Chrome Web Store’s Spam and Abuse policy, which forbids duplicate functionality across extensions. Researchers also noted the lack of proper privacy disclosures, especially since media and messages may be routed through vendor servers.
Sites like zapvende[.]com and lobovendedor[.]com[.]br were used to lure Brazilian small businesses into buying and publishing these extensions by promising a lucrative, recurring revenue stream.
SQ Magazine Takeaway
I find it wild how deep this spam operation goes. It’s not just shady extensions but an actual reseller economy built around spamming users through WhatsApp. What’s even more concerning is how these tools managed to slip through Chrome Web Store’s policies for so long. As users, we really have to be cautious about what we install, even when it looks polished and professional. Google needs to clean house fast, and WhatsApp better step up its anti-spam tech.