Attack 1 — Change the Identity of a Sender in a Group Chat, Even If They Are Not a Member

The attack allows a malicious user in a WhatsApp group to exploit the 'quote' feature—that lets users reply to a past message within a chat by tagging it—in a conversation to spoof a reply message to impersonate another group member and even a non-existing group member.

Attack 2 — Send a Private Message in a Chat Group But When The Recipient Replies, The Whole Group Sees It

The third WhatsApp attack allows a malicious group user to send a specially crafted message that only a specific person will be able to see. If the targeted individual responds to the same message, only then its content will get displayed to everyone in the group.