- 835
- 224
Researchers discovered 131 extensions for automating WhatsApp Web in the official Chrome store. All of them were used to send mass spam to Brazilian users.
According to analysts at Socket, all of these extensions share the same codebase, design patterns, and infrastructure. In total, they are used by approximately 20,905 active users.
[td]"This isn't classic malware; it's a high-risk automated spam campaign that violates platform rules," explains Socket specialist Kirill Boychenko. "The code is injected directly into the WhatsApp Web page, working alongside WhatsApp's own scripts to automate mass mailings and scheduling in a way that bypasses anti-spam protection."[/td]The ultimate goal of this campaign is to send mass messages via WhatsApp using a method that bypasses the platform's frequency limits and spam protection.
Researchers report that this activity has been ongoing for at least nine months, with new extension downloads and updates observed as recently as October 17, 2025.
Each extension uses different names and logos, but most are published by the developers WL Extensão and WLExtensao. Sometimes, the extensions are advertised as CRM tools for WhatsApp, promising to maximize sales through the web version of the messenger.
Experts believe that such differences in branding are the result of franchising, allowing extension operators to flood the Chrome Web Store with clones of the original ZapVende extension, created by DBX Tecnologia.
[td]"Turn your WhatsApp into a powerful sales and contact management tool. With Zap Vende, you'll have access to an intuitive CRM, message automation, mass emails, a visual sales funnel, and much more," reads the description of one extension in the Chrome Web Store. "Organize customer service, track leads, and schedule messages in a practical and effective way."[/td]
According to Socket, DBX Tecnologia advertises a white-label reseller program that allows potential partners to rebrand and sell the WhatsApp Web extension under their own brand. Operators are promised recurring revenue ranging from R$30,000 to R$84,000 (approximately $5,550 to $15,540) for an investment of R$12,000 (approximately $2,220). Researchers emphasize that this violates the Chrome Web Store's spam and abuse policy . Specifically, developers and their partners are prohibited from publishing multiple extensions with duplicate functionality on the platform. Furthermore, DBX Tecnologia was found to have published YouTube videos explaining how to bypass WhatsApp's anti-spam algorithms when using such extensions.

[td]"The extension cluster consists of virtually identical copies distributed across different developer accounts. They are sold for mass unsolicited mailings and automate the sending of messages via web.whatsapp.com without user approval," says Boychenko. "The goal is to support mass spam campaigns while bypassing anti-spam systems."[/td]
According to analysts at Socket, all of these extensions share the same codebase, design patterns, and infrastructure. In total, they are used by approximately 20,905 active users.
Researchers report that this activity has been ongoing for at least nine months, with new extension downloads and updates observed as recently as October 17, 2025.
Each extension uses different names and logos, but most are published by the developers WL Extensão and WLExtensao. Sometimes, the extensions are advertised as CRM tools for WhatsApp, promising to maximize sales through the web version of the messenger.
Experts believe that such differences in branding are the result of franchising, allowing extension operators to flood the Chrome Web Store with clones of the original ZapVende extension, created by DBX Tecnologia.

According to Socket, DBX Tecnologia advertises a white-label reseller program that allows potential partners to rebrand and sell the WhatsApp Web extension under their own brand. Operators are promised recurring revenue ranging from R$30,000 to R$84,000 (approximately $5,550 to $15,540) for an investment of R$12,000 (approximately $2,220). Researchers emphasize that this violates the Chrome Web Store's spam and abuse policy . Specifically, developers and their partners are prohibited from publishing multiple extensions with duplicate functionality on the platform. Furthermore, DBX Tecnologia was found to have published YouTube videos explaining how to bypass WhatsApp's anti-spam algorithms when using such extensions.
