A new scam campaign is targeting WhatsApp users worldwide, relying on deception rather than any technical flaw to hijack personal accounts. Dubbed 'GhostPairing', it needs no stolen password, no intercepted SMS verification code and no malware: victims are tricked into linking a device the attacker controls to their own account through WhatsApp's legitimate Linked Devices feature.
How the GhostPairing Attack Operates
According to a detailed report by cybersecurity firm Gen Digital, the attack begins with a deceptive message that appears to come from a trusted friend or contact. The message, which might say something like "Hey, I just found your photo!" contains a link. Inside WhatsApp, this link shows a preview that looks legitimate, often mimicking a Facebook-style interface.
When a user clicks, they land on a fake webpage styled as a Facebook photo viewer, which asks them to "verify" themselves before they can see the content. That "verification" is in fact WhatsApp's official "Link with phone number" device-pairing flow, driven from the attacker's side. The page first asks for the user's phone number. That number is used to start pairing a WhatsApp Web session the attacker controls, and the pairing flow produces a one-time pairing code.
The malicious page then shows the victim this code, framed as a routine security check, and instructs them to enter it in WhatsApp under Linked Devices. Entering the code completes the pairing: the victim has personally approved the attacker's browser as a linked device on their account, exactly as they would when linking their own laptop. Nothing about the code itself tells the phone who started the request.
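To make the mechanism concrete, the following is an added, constructed model of a link-with-phone-number pairing flow with both sides' messages. It is illustration code written for this article, not WhatsApp's protocol or Gen Digital's code; the `PairingService` class, the phone number and the client names are hypothetical. The point it shows is that the confirmation step only proves a code was relayed to the phone, not who initiated the pairing, and that the resulting session is indistinguishable from a legitimate one except as an extra entry in the linked-devices list.

```python
import secrets
import string
from dataclasses import dataclass, field

# 8-character code drawn from letters and digits (constructed; matches the
# general shape of link-with-phone-number codes, not a spec).
CODE_ALPHABET = string.ascii_uppercase + string.digits


@dataclass
class LinkedSession:
    session_id: str
    client_name: str   # whatever the initiating client reports about itself


@dataclass
class Account:
    phone: str
    linked: list = field(default_factory=list)
    pending: dict = field(default_factory=dict)   # code -> LinkedSession awaiting confirmation


class PairingService:
    """Toy model of a companion-device pairing service (hypothetical, not WhatsApp's)."""

    def __init__(self):
        self.accounts = {}

    def register(self, phone):
        self.accounts[phone] = Account(phone)

    def start_pairing(self, phone, client_name):
        # Called by the COMPANION client (a browser). All it needs is a phone number;
        # the service has no way to know whether the account owner is at that browser.
        acct = self.accounts[phone]
        session_id = secrets.token_hex(8)
        code = "".join(secrets.choice(CODE_ALPHABET) for _ in range(8))
        acct.pending[code] = LinkedSession(session_id, client_name)
        return session_id, code

    def confirm_on_phone(self, phone, code):
        # Called from the PHONE. The only check is that the code matches a pending
        # request for this account; the initiator's identity is never verified here.
        acct = self.accounts[phone]
        sess = acct.pending.pop(code, None)
        if sess is None:
            return False
        acct.linked.append(sess)
        return True

    def linked_devices(self, phone):
        return [(s.session_id, s.client_name) for s in self.accounts[phone].linked]

    def unlink(self, phone, session_id):
        acct = self.accounts[phone]
        before = len(acct.linked)
        acct.linked = [s for s in acct.linked if s.session_id != session_id]
        return len(acct.linked) < before


def ghostpairing_demo():
    """Replays the scam's three steps against the toy service; returns (service, attacker session id)."""
    svc = PairingService()
    victim = "+420111222333"   # constructed number, not a real one
    svc.register(victim)

    # 1. Victim types their number into the phishing page; the attacker's backend
    #    uses it to begin pairing a browser the attacker controls.
    attacker_session, code = svc.start_pairing(victim, client_name="Chrome (Linux)")

    # 2. The phishing page relays the code to the victim as a "security check";
    #    the victim enters it on their own phone. The service accepts it.
    if not svc.confirm_on_phone(victim, code):
        raise RuntimeError("pairing should have succeeded")

    # 3. The attacker's browser is now a fully linked device.
    return svc, attacker_session


def review_and_remove_unknown(svc, phone, known_sessions):
    """The defensive step: walk Linked Devices and unlink anything not recognised."""
    removed = []
    for sid, name in svc.linked_devices(phone):
        if sid not in known_sessions:
            svc.unlink(phone, sid)
            removed.append((sid, name))
    return removed


if __name__ == "__main__":
    svc, sid = ghostpairing_demo()
    print("linked devices after the scam:", svc.linked_devices("+420111222333"))
    print("removed on review:", review_and_remove_unknown(svc, "+420111222333", known_sessions=set()))
```

Run it and the linked-devices list after step 3 contains one session labelled with whatever name the attacker's browser chose; the victim's phone saw only a code entry. The review function models the manual check recommended later in this article: anything not on your own list of known sessions gets logged out.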
The Silent Threat and Rapid Spread
Once linked, the attacker's device has the same view of the account that the victim's own laptop would have. It can read personal and group messages, download media files, and send new messages posing as the victim. Critically, because the phone keeps working normally and the number is never re-registered, the breach is hard to notice; the only visible trace is an extra entry under Linked Devices. The attacker receives new messages in real time, and the session stays active until the victim removes it, potentially leaving the account exposed indefinitely.
This campaign, first observed in Czechia, is designed for rapid international spread. It exploits trust networks rather than mass spam. A compromised account immediately begins sending the same deceptive link to its own contacts and group chats, making the scam appear to come from a known and trusted source. Cybersecurity experts emphasize that GhostPairing does not break WhatsApp's encryption or exploit software bugs; it manipulates legitimate features through social engineering.
How to Protect Yourself from WhatsApp Scams
Users must adopt proactive security habits to guard against such threats. Experts recommend the following essential steps:
- Regularly Review Linked Devices: Go to WhatsApp Settings > Linked Devices and log out of any session you do not recognise. Each entry shows the browser or app name and when it was last active; anything you did not set up yourself should be removed immediately.
- Beware of Code Requests: No website, support agent or contact ever needs your WhatsApp pairing code, and none should ask you to scan a QR code on their behalf. A pairing code is only ever entered by you, on your own phone, to link a device you are setting up yourself.
- Enable Two-Step Verification: Add this extra layer in your WhatsApp settings under Account > Two-step verification. Be clear about what it covers: the PIN is required to register your number on a new phone, so it blocks takeovers that start from re-registration, but the device-linking flow abused here does not prompt for it. It complements reviewing linked devices; it does not replace that check.
- Verify Unexpected Messages: If a contact sends a strange link or request, confirm with them through another communication channel before clicking or acting.
The core lesson from the GhostPairing scam is that human vigilance is the first line of defense. As attacks increasingly exploit trust instead of software vulnerabilities, users must remain skeptical of unsolicited messages and understand how official app features, like device linking, can be twisted by scammers.