Over 100 Chrome extensions break WhatsApp’s anti-spam rules
嗯,用户让我总结一篇文章的内容,控制在100字以内,而且不需要用“文章内容总结”这样的开头。首先,我得仔细阅读这篇文章,抓住主要信息。 文章讲的是Socket的研究团队发现了一个大规模的网络攻击活动,他们利用Chrome商店里的131个恶意扩展程序来劫持WhatsApp Web,发送垃圾信息。这些扩展程序绕过了WhatsApp的反垃圾机制。此外,这些扩展还可能泄露用户的隐私和安全,甚至导致账户被封禁。 用户的需求是简明扼要地总结内容,所以我要提炼出关键点:恶意扩展的数量、目标(WhatsApp Web)、功能(发送垃圾信息、绕过反垃圾)、风险(隐私泄露、账户问题)以及建议(检查权限、避免可疑扩展)。 然后,我需要把这些点用简洁的语言组织起来,确保不超过100字。同时,开头不要用“文章总结”之类的词,直接描述内容。 最后,检查一下是否涵盖了所有重要信息,并且语言流畅自然。 </think> 研究发现Chrome商店出现131款恶意扩展程序,通过劫持WhatsApp Web发送垃圾信息并绕过反垃圾机制。这些工具不仅威胁用户隐私和账号安全,还可能被用于大规模推广或诈骗。专家建议用户谨慎安装可疑扩展,并定期检查浏览器安全。 2025-10-22 15:49:27 Author: www.malwarebytes.com(查看原文) 阅读量:7 收藏

spamware

Recent research by Socket’s Threat Research Team uncovered a massive, coordinated campaign flooding the Chrome Web Store with 131 spamware extensions. These add-ons hijack WhatsApp Web—the browser version of WhatsApp—to automate bulk messages and skirt anti-spam controls.

Spamware is software that automates the sending of unsolicited bulk messages—often for advertising, phishing, or even spreading malware—across email, messaging apps, or social media.

According to Socket, the extensions inject code directly into the WhatsApp Web site, running alongside its own scripts to automate bulk outreach and scheduling. This helps them bypass WhatsApp’s anti-spam controls.

The 131 extensions all share the same codebase, design patterns, and infrastructure. This is obviously a sign that something is off. If you’re proud of your product, why would you disguise it under dozens of aliases?

Some marketers use WhatsApp spamware to automate and scale up outbound campaigns, flooding users with unwanted promotional messages or links. The extensions promise to help them evade WhatsApp’s built-in limits, enabling large-volume outreach that would typically be blocked if attempted manually. These tools offer them a readily available spam infrastructure.

But having a spamware extension installed isn’t just a problem for others—it can also pose a direct risk to yourself:

  • Privacy and security: These extensions inject code into web sessions, potentially exposing your messages and login data to third parties.
  • Policy violations: Many of these extensions automate actions that can get your WhatsApp or Google account restricted or banned.

Many promotional sites for these extensions claim that Chrome Web Store inclusion means a rigorous audit and code review that guarantees privacy and safety. In reality, Chrome’s process is a policy compliance review, not a certification, and presenting it as an audit misleads buyers and creates a false sense of security.

That said, it’s still safer to download from the official Chrome Web Store than from random sites or direct file links. The store has reporting, review and takedown processes that most other sources lack.

The researchers reported the extensions to the Chrome security team and requested that the associated publisher accounts be suspended for policy-violating spamware.

Stay safe

  • Check extension permissions.
  • Avoid add-ons that “automate” messaging apps.
  • Stick to reputable developers.
  • If in doubt, remove suspicious extensions and scan your browser and device for threats.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.


文章来源: https://www.malwarebytes.com/blog/news/2025/10/over-100-chrome-extensions-break-whatsapps-anti-spam-rules
如有侵权请联系:admin#unsafe.sh