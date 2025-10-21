Nearly 21,000 Brazilian users have been compromised with 131 rebranded WhatsApp Web automation extensions for Google Chrome as part of a coordinated spam campaign that has been underway for at least nine months, according to The Hacker News. All of the extensions, which have identical code and infrastructure, have directly injected code into the WhatsApp Web page to allow automated bulk outbound messaging while evading the anti-spam restrictions of WhatsApp, a report from Socket researchers showed. Additional findings revealed that most of the illicit extensions have been published by "WL Extensão" and its variant "WLExtensao," with the variation driven by a franchise model. "The cluster consists of near-identical copies spread across publisher accounts, is marketed for bulk unsolicited outreach, and automates message sending inside web[.]whatsapp[.]com without user confirmation," said researcher Kirill Boychenko. Such a development comes after WhatsApp was reported by Trend Micro researchers to have been used to facilitate the deployment of the self-propagating SORVEPOTEL worm that then delivered the Maverick banking trojan.
Application security
WhatsApp targeted by Chrome spamware extensions