December 16, 2023 at 06:50PM

WhatsApp Spoofing: Impersonation via Reply Messages

All official WhatsApp clients, on receiving a “Message Reply” payload (QuotedMessage), do not validate whether the “ContextInfo” of that “QuotedMessage” (its “StanzaId” and “Participant”) is valid or refers to a message that exists. This allows a malicious actor to send, in private chats or groups, a “QuotedMessage” quoting a message that never existed, attributed to another person. This is highly critical and dangerous.
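The receiver-side check whose absence is described above, as an added example (not WhatsApp's code and not taken from the linked repository). The `MessageStore`, `check_quote`, the verdict strings and all sample IDs are hypothetical and constructed; only the `StanzaId` and `Participant` field names come from the post.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class StoredMessage:
    stanza_id: str   # ID of a message this client actually received
    chat: str        # chat (private or group) it arrived in
    sender: str      # account that really sent it
    text: str

@dataclass(frozen=True)
class ContextInfo:
    stanza_id: str    # "StanzaId": ID of the message being replied to
    participant: str  # "Participant": claimed author of the quoted message
    quoted_text: str  # body carried inside the QuotedMessage

class MessageStore:
    """Hypothetical local history, keyed by (chat, stanza_id)."""
    def __init__(self):
        self._by_key = {}
    def add(self, msg):
        self._by_key[(msg.chat, msg.stanza_id)] = msg
    def get(self, chat, stanza_id):
        return self._by_key.get((chat, stanza_id))

def check_quote(store, chat, ctx):
    """Return 'verified', or the reason the quote cannot be shown as authentic."""
    original = store.get(chat, ctx.stanza_id)
    if original is None:
        # History can be incomplete (joined late, deleted messages), so a UI
        # would label this "unverified" rather than silently drop the reply.
        return "unknown-stanza-id"
    if original.sender != ctx.participant:
        return "participant-mismatch"   # real message, wrong claimed author
    if original.text != ctx.quoted_text:
        return "content-mismatch"       # real message, altered quoted body
    return "verified"

def demo():
    # Constructed sample data: one genuine message in a group chat.
    chat, alice, bob = "group-1@g.us", "alice@s.whatsapp.net", "bob@s.whatsapp.net"
    store = MessageStore()
    store.add(StoredMessage("3EB0A1", chat, alice, "See you at 10"))
    cases = {
        "genuine":        ContextInfo("3EB0A1", alice, "See you at 10"),
        "never_existed":  ContextInfo("FFFF00", alice, "Send me the code"),
        "wrong_author":   ContextInfo("3EB0A1", bob, "See you at 10"),
        "edited_content": ContextInfo("3EB0A1", alice, "Send me the code"),
    }
    return {name: check_quote(store, chat, ctx) for name, ctx in cases.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15s} -> {verdict}")
```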

https://github.com/lichti/whats-spoofing

PoC: https://youtu.be/_WL6hpAvNh8

https://t.me/cKure/13361