"Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale. The 131 spamware extensions share the same codebase, design patterns, and infrastructure, according to supply chain security company Socket. The browser add-ons collectively have about 20,905 active users. "They are not classic malware, but they function as high-risk spam automation that abuses platform rules," security researcher Kirill Boychenko said."
""The code injects directly into the WhatsApp Web page, running alongside WhatsApp's own scripts, automates bulk outreach and scheduling in ways that aim to bypass WhatsApp's anti-spam enforcement." The end goal of the campaign is to blast outbound messaging via WhatsApp in a manner that bypasses the messaging platform's rate limits and anti-spam controls. The activity is assessed to have been ongoing for at least nine months, with new uploads and version updates to the extensions observed as recently as October 17, 2025."
"The extensions have been found to embrace different names and logos, but, behind the scenes, the vast majority of them have been published by "WL Extensão" and its variant "WLExtensao." It's believed that the differences in branding are the result of a franchise model that allows the operation's affiliates to flood the Chrome Web Store with various clones of the original extension offered by a company named DBX Tecnologia."
A coordinated campaign deployed 131 rebranded WhatsApp Web automation Chrome extensions to send spam at scale to Brazilian users, with roughly 20,905 active users across the add-ons. The extensions share a common codebase, design patterns, and infrastructure and inject code into the WhatsApp Web page to automate bulk outreach and scheduling aimed at evading anti-spam enforcement and rate limits. Most extensions were published by "WL Extensão"/"WLExtensao," apparently using a franchise model tied to an original offering from DBX Tecnologia. The add-ons present themselves as CRM tools for WhatsApp. Activity has persisted at least nine months, with updates observed as recently as October 17, 2025.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]