When it comes to using third-party applications and software that interact with WhatsApp, you have to be especially careful, since you never know what may lie in store for you. In this sense, a massive spam campaign has used 131 fraudulent extensions of Chrome to automate mass sending on WhatsApp Web, affecting more than 20,000 users. Researchers at cybersecurity firm Socket have reported of the operation, which has remained active for at least nine months.
what has happened. According to the investigationthe extensions were presented as CRM or contact management tools for WhatsApp, promising to increase sales and improve productivity. Names like YouSeller, Botflow or ZapVende hid their true function: injecting code directly into WhatsApp Web to send massive messages without the user’s permission, bypassing the platform’s anti-spam systems.
The spam business model. According to Socket, all extensions They shared the same code base and they came from a single Brazilian company, DBX Tecnologia, which sold a white label reseller program. Researchers say that affiliates paid about 2,000 euros in advance to rename the extension with their own logo and name, promising recurring income of between 5,000 and 15,000 euros. “The goal is to keep massive campaigns running while evading anti-spam systems,” explains security researcher Kirill Boychenko.
How the fraud worked. The extensions used sophisticated techniques to manipulate WhatsApp Web. They ran alongside legitimate WhatsApp scripts, using internal functions to automate message sending. Users could configure send intervals, pauses, and batch sizes specifically designed to circumvent detection algorithms. According to the researcher, DBX Tecnologia even published tutorials on YouTube explaining how to adjust these parameters to prevent WhatsApp from blocking accounts.
Why is it dangerous. Although these extensions are not considered malware classic, they also represent a significant risk. When an extension injects code into web applications like WhatsApp, it can read your messages, monitor your actions, and send automated content using your account. The extensions had full access to the page WhatsApp Webpotentially allowing them to access private conversations and personal data.
What to do now. According to firm, Google has already removed the extensions from its store, although they were available for more than nine months, accumulating tens of thousands of downloads. If you have installed any extension related to WhatsApp or message automation and it appears in the list of extensions provided by the research, you must delete it immediately. To do this, access ‘chrome://extensions‘ in your browser, review the entire list and uninstall any suspicious or unrecognized tools. Above all, pay attention to extensions that request permissions to access all websites or modify page data.
Just because it’s in the store doesn’t mean it’s safe.. Socket recommends Regularly review installed extensions, reject those that ask for excessive permissions, and be wary of tools that promise to “boost” popular services. The presence of an extension in the Chrome Web Store does not guarantee security, as well as in the rest of the extension and application stores.
Cover image | AI-generated with Gemini
In Xataka | It’s a matter of time before WhatsApp ends up filling your phone’s memory, unless you do these three things
GIPHY App Key not set. Please check settings