- Hackers can hijack WhatsApp accounts without even cracking passwords or encryption
- GhostPairing attacks exploit legitimate device pairing features to gain full account access
- Users are tricked by fake Facebook login pages into authorizing attackers
Security researchers are warning WhatsApp users about a growing account hijacking technique that doesn’t rely on cracking passwords or bypassing encryption.
Attackers take advantage of WhatsApp’s legitimate device pairing feature to silently attach their own browser to the victim’s account.
Once linked, the attacker can read messages in real time, download shared media, and send messages that appear to come directly from the victim.
How the linking feature is abused
The attack, tracked under the name GhostPairing, begins with a short message that appears to come from a trusted contact.
The message usually contains a link that purports to show a photo of the recipient.
To build credibility, the link preview often looks like Facebook content.
Clicking the link redirects the victim to a fake Facebook login page hosted on a lookalike domain.
Instead of verifying anything, the page starts the WhatsApp device pairing workflow.
Victims are prompted to enter their phone number on the fake page, allowing the attacker to trigger a legitimate pairing request.
WhatsApp then generates a pairing code, which the attacker displays on the fraudulent site.
The victim is instructed to enter this code within WhatsApp, unknowingly authorizing a new linked device.
Although WhatsApp clearly indicates that a device is being added, researchers say many users overlook or misinterpret the message during the process.
Once pairing is complete, attackers gain full access to the account without requiring authentication credentials.
Gen Digital warns that many victims are unaware that an additional device has been linked in the background.
This allows criminals to monitor conversations, collect sensitive information, impersonate the victim, and spread the same lure to contacts and group chats.
Researchers have previously observed similar abuse of device pairing in attacks against other messaging platforms.
The only reliable way to detect this type of compromise is by manually checking the Linked Devices section within WhatsApp settings.
If a user does not recognize one of the listed devices, they must remove it from the account immediately.
Users are also encouraged to report suspicious messages and enable additional account protections, including two-factor authentication.
Tools such as antivirus software can help detect malicious websites, while malware removal solutions can help if further compromise is suspected.
Identity theft protection services can reduce the damage caused by personal data exposure, although they do not prevent account hijacking itself.
This exploit shows that user awareness remains a critical weakness, even when platforms provide warnings during sensitive actions.
Via BleepingComputer




