- Security researchers detected 131 rebranded WhatsApp Web automation extensions on the Google Chrome Web Store used to spam Brazilian users.
- The extensions share one codebase and bypass WhatsApp’s anti-spam limits by automating bulk messaging.
- Collectively, around 20,905 users have installed these add-ons, which are promoted as CRM tools for WhatsApp.
- The extensions originate mainly from publishers named “WL Extensão” and “WLExtensao,” linked to a franchise model.
- This activity violates Google’s policies, and some extensions have been updated as recently as October 17, 2025.
Cybersecurity experts have uncovered a large-scale campaign involving 131 rebranded clones of a WhatsApp Web automation extension on Google Chrome. These extensions targeted Brazilian users with spam messages over at least nine months, according to findings by the supply chain security company Socket. The campaign seeks to send bulk messages on WhatsApp while bypassing the platform’s rate limits and anti-spam controls.
The 131 browser add-ons use the same codebase, design, and infrastructure and have a combined total of about 20,905 active users. Security researcher Kirill Boychenko described the extensions as high-risk spam automation tools that inject code into WhatsApp Web, working alongside WhatsApp’s own scripts to automate and schedule messages for bulk outreach.
Examples of these extensions include YouSeller with 10,000 users, performancemais with 239 users, Botflow with 38 users, and ZapVende with 32 users. Despite appearing under various names and logos, most were published by entities called “WL Extensão” and “WLExtensao.” Socket believes a franchise model allows operation affiliates to flood the Chrome Web Store with clones of the original extension developed by DBX Tecnologia.
These add-ons are promoted as customer relationship management (CRM) tools for WhatsApp, offering features such as message automation, bulk messaging, and sales tracking. Google’s policy prohibits submitting multiple extensions with the same functionality, which these extensions violate. DBX Tecnologia also posted videos that discuss bypassing WhatsApp’s anti-spam algorithms.
Boychenko explained, “The cluster consists of near-identical copies spread across publisher accounts, is marketed for bulk unsolicited outreach, and automates message sending inside web.whatsapp.com without user confirmation. The goal is to keep bulk campaigns running while evading anti-spam systems.”
The discovery coincides with recent reports from Trend Micro, Sophos, and Kaspersky regarding a WhatsApp worm called SORVEPOTEL spreading a banking trojan named Maverick in Brazil.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Solana’s underground exchange HumidiFi leads trading with unprecedented $34bn volume – DL News
- Crypto Market Rebounds as Trade Talks Spur Optimism; ADA, XRP Rally
- STBL Stablecoin Dumps 80% After $17M Insider Sell-Off
- New York Proposes Electricity Tax on Crypto Mining Starting 2027
- Deflation Expected to Drive Prices Up Soon
