WhatsApp Web Swamped by 131 Spam Bots Hidden as Chrome Extensions

Security researchers at Socket have uncovered a large-scale spam campaign orchestrated through WhatsApp Web, revealing 131 Chrome extensions that are, in essence, variants of a single mass-messaging automation tool. Disguised as legitimate utilities for managing contacts, these add-ons penetrated the web.whatsapp.com interface and silently operated alongside the platform’s own scripts, enabling the circumvention of WhatsApp’s anti-spam safeguards. Tens of thousands of users in Brazil fell prey to the scheme.

Although the extensions do not embed traditional malicious payloads, they flagrantly contravene the Chrome Web Store policy by automating bulk messaging and scheduling broadcasts without recipients’ consent. Socket’s technical analysis shows the plugins share common source code, analogous architectures, and connections to the same server infrastructure—altogether used by more than 20,000 individuals. Branded variants such as YouSeller, ZapVende, and Botflow differ only cosmetically; beneath distinct logos they are the same instrument marketed under multiple guises.

Investigators believe the distribution operates as a franchise: affiliates resell the extensions under their own labels. Many of the published copies trace back to entities registered as “WL Extensão” and “WLExtensao,” while the original developer, DBX Tecnologia, appears to supply the underlying product and infrastructure. DBX’s promotional materials brazenly promise returns—claiming earnings of up to 84,000 reais on a 12,000-real investment—positioning the offering as a white-label reseller opportunity.

Publicly, the extensions are promoted as CRM tools intended to boost sales and streamline customer engagement via WhatsApp Web. In practice, however, they facilitate aggressive, unsolicited outreach at scale—automated campaigns that violate both the extension store’s terms and the basic norms of the messaging platform.

Further troublingly, Socket’s probe found that DBX circulated video tutorials demonstrating how to evade WhatsApp’s anti-spam protections using these extensions. Such guidance directly violates Chrome Web Store rules, which forbid functionally duplicative extensions from the same developer or affiliated partners and bar tools designed to subvert platform defenses.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy