{"id":223705,"date":"2025-10-21T04:19:26","date_gmt":"2025-10-21T09:19:26","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/10\/131-chrome-extensions-caught-hijacking-whatsapp-web-for-massive-spam-campaign"},"modified":"2025-10-21T04:19:26","modified_gmt":"2025-10-21T09:19:26","slug":"131-chrome-extensions-caught-hijacking-whatsapp-web-for-massive-spam-campaign","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/10\/131-chrome-extensions-caught-hijacking-whatsapp-web-for-massive-spam-campaign","title":{"rendered":"131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign"},"content":{"rendered":"<p><\/p>\n<p><iframe style=\"display: block; margin: 0 auto; width: 100%; aspect-ratio: 4\/3; object-fit: contain;\" src=\"https:\/\/www.youtube.com\/embed\/eIkNI6oFAhU?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; encrypted-media; gyroscope;\n   picture-in-picture\" allowfullscreen><\/iframe><\/p>\n<p>Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale.<\/p>\n<p>The 131 spamware extensions share the same codebase, design patterns, and infrastructure, <a href=\"https:\/\/socket.dev\/blog\/131-spamware-extensions-targeting-whatsapp-flood-chrome-web-store\" rel=\"noopener\" target=\"_blank\">according<\/a> to supply chain security company Socket. The browser add-ons collectively have about 20,905 active users.<\/p>\n<p>\u201cThey are not classic malware, but they function as high-risk spam automation that abuses platform rules,\u201d security researcher Kirill Boychenko said. \u201cThe code injects directly into the WhatsApp Web page, running alongside WhatsApp\u2019s own scripts, automates bulk outreach and scheduling in ways that aim to bypass WhatsApp\u2019s anti-spam enforcement.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale. The 131 spamware extensions share the same codebase, design patterns, and infrastructure, according to supply chain security company Socket. The browser add-ons collectively have about 20,905 active users. [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,6],"tags":[],"class_list":["post-223705","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-robotics-ai"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/223705","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=223705"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/223705\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=223705"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=223705"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=223705"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}