Cybersecurity researchers have uncovered a new fraudulent method that allows internet hackers to take control of WhatsApp accounts without the need to break encryption or breach complex technical systems, by exploiting the device linking mechanism within the app.
The researchers explained that the attack, known as GhostPairing, relies on employing official and legitimate features within WhatsApp in a deceptive manner, allowing the attacker to link the victim’s account to an externally controlled device, granting them direct access to messages, photos, videos, and voice notes.
The researchers clarified that the attack begins with a message that reaches the user, appearing to be sent from a trusted contact, and includes a link claiming to show a picture or visual content. Upon clicking the link, the victim is redirected to a fake Facebook login page that requests a phone number.
Instead of displaying the alleged content, the fraudulent page activates the device linking feature in WhatsApp by displaying a code that the user is prompted to enter within the app, leading to the account being automatically linked to an unknown device without the victim realizing what is happening.
This action grants the attacker complete control over the account, without the need for a password or additional verification codes. Once access is gained, they can message contacts and exploit mutual trust to spread the attack and carry out broader hacking operations.
A cybersecurity expert stated that this method reflects a notable shift in the nature of cybercrimes, where the focus is no longer limited to breaching systems, but exploiting user trust has become a crucial element in the success of attacks.
He added that scammers trick users into granting them access themselves, by misusing familiar tools like QR codes, device linking requests, and verification screens that appear normal and routine.
He pointed out that this type of attack does not only threaten WhatsApp users, but serves as a broader warning for all platforms that rely on quick device linking without sufficient explanation of the potential risks.
Users of WhatsApp are advised to periodically review the list of devices linked to their accounts by going to Settings and then Linked Devices, and to immediately remove any unknown device to protect the account from being hacked.
