
131 Chrome extensions are spamming WhatsApp

Researchers found 131 extensions in the official Chrome Web Store that automate WhatsApp Web. All of them were used to mass-send spam to Brazilian users.

According to analysts at Socket, all of these extensions share the same codebase, design patterns, and infrastructure. In total, they have about 20,905 active users.

“This isn’t classic malware; it’s high-risk spam automation that violates the platform’s rules,” explains Socket specialist Kirill Boychenko. “The code is injected directly into the WhatsApp Web page, runs alongside WhatsApp’s own scripts, and automates bulk messaging and scheduling in a way that evades anti-spam protections.”

The ultimate goal of this campaign is to send mass messages via WhatsApp in a way that bypasses the platform’s limits on message-sending frequency and its anti-spam protections.

Researchers report that this activity has been ongoing for at least nine months—new downloads and extension updates were observed as recently as October 17, 2025.

All the extensions use different names and logos, but most of them are published by the developers WL Extensão and WLExtensao. Sometimes the extensions are advertised as CRM tools for WhatsApp, promising to maximize sales through the messenger’s web version.

Experts believe that these branding differences are the result of a franchise model, which allows extension operators to flood the Chrome Web Store with clones of the original ZapVende extension, created by DBX Tecnologia.

“Turn your WhatsApp into a powerful tool for sales and contact management. With Zap Vende, you’ll have access to an intuitive CRM, message automation, bulk messaging, a visual sales funnel, and much more,” reads the description of one of the extensions in the Chrome Web Store. “Organize customer service, track leads, and schedule messages in a practical and efficient way.”

According to Socket, DBX Tecnologia promotes a white-label program for resellers that allows potential partners to rebrand and sell a WhatsApp Web extension under their own brand. Operators are promised a regular income ranging from 30,000 to 84,000 reais (about $5,550–$15,540) with an investment of 12,000 reais (about $2,220).

Researchers emphasize that all this violates the Chrome Web Store policy on spam and abuse. Developers and their partners are prohibited from publishing multiple extensions with duplicative functionality on the platform.

In addition, it was discovered that DBX Tecnologia had published a video on YouTube on how to bypass WhatsApp’s anti-spam algorithms when using such extensions.

“The extension cluster consists of virtually identical copies distributed across different developer accounts. They are sold for bulk unsolicited mailings and automate sending messages via web.whatsapp.com without user confirmation,” Boychenko says. “The goal is to sustain large-scale spam campaigns while bypassing anti-spam systems.”
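For defenders who want to know which installed extensions are able to run on WhatsApp Web, the following added example (not code from Socket's report or from the extensions) checks Chrome extension manifests for content scripts or host permissions that cover web.whatsapp.com. The function names and the two sample manifests are constructed for illustration.

```python
import json
from pathlib import Path

TARGET = "web.whatsapp.com"  # host named in the article

def pattern_covers(pattern: str, host: str = TARGET) -> bool:
    """True if a Chrome match pattern applies to https://<host>/."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "https"):
        return False  # plain API permissions ("storage") and other schemes
    pat_host = rest.split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return pat_host == host

def audit_manifest(manifest: dict) -> list[str]:
    """List the ways this manifest gets script injection or access on TARGET."""
    findings = []
    for cs in manifest.get("content_scripts", []):
        if any(pattern_covers(p) for p in cs.get("matches", [])):
            findings.append("content_script: " + ", ".join(cs.get("js", [])))
    # MV3 uses host_permissions; MV2 mixes host patterns into permissions
    hosts = manifest.get("host_permissions", []) + manifest.get("permissions", [])
    for p in hosts:
        if isinstance(p, str) and pattern_covers(p):
            findings.append("host_permission: " + p)
    return findings

def scan_extensions(ext_root: Path) -> dict[str, list[str]]:
    """Walk <profile>/Extensions/<id>/<version>/manifest.json under ext_root."""
    report = {}
    for mf in ext_root.glob("*/*/manifest.json"):
        try:
            findings = audit_manifest(json.loads(mf.read_text(encoding="utf-8-sig")))
        except (OSError, json.JSONDecodeError):
            continue  # unreadable or malformed manifest: skip it
        if findings:
            report[mf.parent.parent.name] = findings  # keyed by extension ID
    return report

# Constructed sample manifests (not taken from any real extension)
SAMPLE_CRM = {"manifest_version": 3, "host_permissions": ["https://*.whatsapp.com/*"],
    "content_scripts": [{"matches": ["https://web.whatsapp.com/*"], "js": ["inject.js"]}]}
SAMPLE_BENIGN = {"manifest_version": 3, "permissions": ["storage"], "host_permissions": ["https://example.org/*"]}
```

Point `scan_extensions` at a profile's `Extensions` directory (for example `~/.config/google-chrome/Default/Extensions` on Linux). A hit only means the extension can run on WhatsApp Web, so broad patterns such as `<all_urls>` will also flag unrelated extensions that need manual review.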
