Whatsapp Spoofing impersonate of reply message
All official WhatsApp clients, upon receiving a “Message Reply” payload (QuotedMessage), do not validate whether the “ContextInfo” of this “QuotedMessage” is valid/exists (“StanzaId” and “Participant”). This allows a malicious actor to send in private chats or groups a “QuotedMessage” of a message that never existed on behalf of another person. This is highly critical and dangerous.
https://github.com/lichti/whats-spoofing
PoC: https://youtu.be/_WL6hpAvNh8
https://t.me/cKure/13361