Hackers are quietly hijacking WhatsApp accounts—and they aren’t even bothering to crack passwords. A new attack, dubbed GhostPairing, exploits a legitimate feature within the messaging app, allowing criminals to gain full access to your messages, media, and contacts without you ever realizing what’s happening.
GhostPairing: How Your WhatsApp Account Could Be Compromised
Security researchers have uncovered a concerning new method for WhatsApp account takeovers that bypasses traditional security measures.
- Attackers leverage WhatsApp’s device-linking feature.
- Victims are tricked via fake Facebook login pages.
- Compromised accounts can be used for surveillance and spreading scams.
- Checking linked devices is crucial for detection.
The attack begins with a seemingly harmless message from a trusted contact. This message typically contains a link promising something enticing, like a photo. Crucially, the link preview is often designed to *look* like a Facebook post, lending it an air of legitimacy. Clicking this link doesn’t take you to a photo, however. Instead, it redirects you to a cleverly disguised, fake Facebook login page hosted on a domain that closely mimics the real one.
Here’s where the deception gets sophisticated. Instead of asking for your Facebook credentials, this fake page initiates WhatsApp’s device-pairing workflow. You’re prompted to enter your phone number, which triggers a legitimate pairing request for a new linked device, one the attacker controls. WhatsApp then generates a unique one-time pairing code for that device, and the attacker simply shows that code to you on the fraudulent page.
Unsuspecting users are instructed to enter this code into WhatsApp, unknowingly authorizing a new, attacker-controlled device to access their account. While WhatsApp *does* display a notification that a device is being added, researchers warn that many users simply overlook or misunderstand the message. Once paired, the attacker has complete access – they can read your messages in real time, download your shared photos and videos, and even send messages *as you*, potentially spreading the scam to your contacts and group chats.
Gen Digital, the company behind Avast and Norton, warns that many victims are completely unaware that an additional device has been linked to their account. This allows criminals to operate undetected for extended periods, maximizing the damage they can inflict.
This isn’t the first time researchers have observed attackers exploiting device-linking features in messaging apps. Similar tactics have been used against other platforms, highlighting a persistent vulnerability in how these features are implemented.
So, how can you protect yourself? The most reliable way to detect a GhostPairing attack is to manually check the “Linked Devices” section within WhatsApp settings. If you see any devices listed that you don’t recognize, remove them immediately. It’s also crucial to report suspicious messages and enable two-factor authentication for an added layer of security.
Consider using antivirus software to help flag malicious websites, and malware removal solutions if you suspect your device has been compromised. While identity theft protection services can help mitigate the damage *after* a data breach, they won’t prevent account hijacking itself.
This attack underscores a critical point: user awareness remains a significant weak point, even when platforms display warnings during sensitive actions such as linking a new device. Staying vigilant, reviewing your linked devices regularly, and understanding how these attacks work is your best defense.
