131 Chrome extensions exposed for hijacking WhatsApp Web in major spam operation


Cybersecurity researchers have exposed a large spam campaign involving over 130 cloned Chrome extensions designed to automate messaging on WhatsApp Web.

Cybersecurity researchers have uncovered a large-scale spam campaign using 131 cloned Chrome extensions to exploit WhatsApp Web for mass messaging in Brazil.

According to security firm Socket, the extensions share the same codebase and infrastructure, targeting about 20,905 users. “They are not classic malware, but they function as high-risk spam automation that abuses platform rules,” said researcher Kirill Boychenko.

The code injects directly into WhatsApp Web, automating bulk outreach to bypass anti-spam controls. Most of the extensions were published by “WL Extensão” and “WLExtensao,” believed to be affiliates of DBX Tecnologia, which sells white-label versions of its automation tools.

Socket said the spam network has been active for at least nine months, with new uploads spotted as recently as October 17, 2025.

The operation violates Google’s Chrome Web Store policy banning duplicate extensions, while researchers warn it could expose users to data misuse and unauthorized message automation.

READ MORE AT THE HACKER NEWS
