Hackers can take over WhatsApp accous without cracking passwords or encryption. Attacks known as GhostPairing exploit the ability to link devices to gain full access to a user’s accou. In this method, users are tricked through fake Facebook login pages to unwittingly gra permission to attackers. Security researchers have warned against the spread of this new method of accou theft.
In this attack, attackers use the official device linking feature in WhatsApp to secretly connect their browser to the victim’s accou. Once this connection is established, the attacker is able to view messages in real-time, download shared media files, and send messages that appear completely as messages se by the victim.
Known as GhostPairing, the attack begins with a text message that appears to be se by a trusted recipie. The message usually coains a link that claims to display an image of the recipie. To increase user trust, link previews are often designed to resemble Facebook coe.
By clicking on this link, the victim is redirected to a fake Facebook login page hosted on a domain similar to the original one. This page starts the official WhatsApp device pairing process instead of any autheication process. At this poi, the victim is asked to eer their phone number on the fake page; An action that allows an attacker to trigger a perfectly legitimate pairing request.
After that, WhatsApp generates a pairing code and the attacker displays this code on the fake website. The victim is then instructed to eer this code io the WhatsApp app, and the victim unknowingly links a new device to their accou. Although WhatsApp clearly announces that a new device is being added, security researchers say many users ignore or misunderstand the warning message during the process.
Once pairing is complete, attackers gain full accou access without needing any autheication information. Gen Digital warns that many victims do not realize that an additional device is secretly connected to their accou. This situation allows criminals to monitor conversations, collect sensitive information, fake the ideity of the victim and send the same deceptive trap to the audience and discussion groups.
Earlier researchers have seen similar examples of abuse of device linking capabilities in attacks against other messaging platforms. The only reliable way to detect such an irusion is to manually check the Linked Devices section of WhatsApp settings. If the user sees a device in this list that he does not recognize, he should immediately remove that device from the accou.
Users are also advised to report suspicious messages and enable additional layers of accou protection, including two-step autheication. Tools like aivirus software can help ideify malicious websites, and malware removal solutions can be useful if more irusions have occurred. Ideity theft protection services can also mitigate damage after personal data is exposed, although these services themselves do not preve accou theft.
This type of exploit shows that even with explicit warnings from platforms when taking sensitive actions, user awareness remains one of the most importa security weaknesses.
