Sunday, May 4, 2025
HomeCyber Security NewsNew WhatsApp Vulnerability Allows Hackers to Intercept and Change Message Contents

New WhatsApp Vulnerability Allows Hackers to Intercept and Change Message Contents

Published on

SIEM as a Service

Follow Us on Google News

A new WhatsApp vulnerability could allow attackers to spread fake news appeared to be sent from the trusted contacts.

WhatsApp is a most popular instant messaging app used by more than 1.5 billion users, it has been heavily targetted by scammers for spreading fake news. WhatsApp recently rolled out a new feature which indicates to user’s that the message they have received is the forwarded one.

Checkpoint researchers found a new WhatsApp vulnerability that allows an attacker that allows an attacker to intercept and change the messages that sent in both the private and group conversations.

- Advertisement - Google News

Researchers managed to reverse the WhatsApp communication to see the parameters that sent between the mobile and the web version to manipulate the data.

WhatsApp vulnerability – Attack Methods

Three possible methods observed in exploiting this vulnerability. Researchers published a Burp Suite Extension to manipulate the three possible methods.

Attack 1: Change the Identity of a Sender in a Group Chat, Even If They Are Not a Member of the Group

With this method, attackers can spoof the reply message to mimic as another group member or the member, not in the group. All attackers need is to catch the encrypted traffic and use the Burp Extension to decrypt it.

To send a spoofed message the attacker needs to reply to the message he spoofed by quoting and changing that message to everyone in the group. The participant can be anyone, even not a member of that group. You can find the technical analysis details in checkpoint’s blog post.

Attack 2: Changing a Correspondent’s Reply To Put Words in Their Mouth

With this attack the attacker able to manipulate himself as the message comes from some other person, all he needs is to manipulate the fromMe parameter in a message which indicates who sent the message.

Attack 3: Send a Private Message in a Chat Group But When The Recipient Replies, The Whole Group Sees It.

The third attack method shows that it is possible to send a private message to a selected individual in the group chat, and if he replies it will be visible to everyone.

“Check Point Research informed WhatsApp of their findings. From Check Point Research’s view, we believe these vulnerabilities to be of the utmost importance and require attention.”

WhatsApp today rolled out a forward message feature which restricts the forwarding message capabilities to just 5 chats in one go.

Also Read

Security Flaws Identified in WhatsApp Could Allow Attackers to Spy on Group Chats

OMG: Fake WhatsApp Android App Downloaded Over 1 Million People’s

Whatsapp Blocked In China After Google And Facebook

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Claude AI Abused in Influence-as-a-Service Operations and Campaigns

Claude AI, developed by Anthropic, has been exploited by malicious actors in a range...

Threat Actors Attacking U.S. Citizens Via Social Engineering Attack

As Tax Day on April 15 approaches, a alarming cybersecurity threat has emerged targeting...

TerraStealer Strikes: Browser Credential & Sensitive‑Data Heists on the Rise

Insikt Group has uncovered two new malware families, TerraStealerV2 and TerraLogger, attributed to the...

MintsLoader Malware Uses Sandbox and Virtual Machine Evasion Techniques

MintsLoader, a malicious loader first observed in 2024, has emerged as a formidable tool...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Claude AI Abused in Influence-as-a-Service Operations and Campaigns

Claude AI, developed by Anthropic, has been exploited by malicious actors in a range...

Threat Actors Attacking U.S. Citizens Via Social Engineering Attack

As Tax Day on April 15 approaches, a alarming cybersecurity threat has emerged targeting...

TerraStealer Strikes: Browser Credential & Sensitive‑Data Heists on the Rise

Insikt Group has uncovered two new malware families, TerraStealerV2 and TerraLogger, attributed to the...