Hackers can take over WhatsApp accounts without cracking passwords or encryption. Attacks known as GhostPairing abuse WhatsApp's device-linking feature to gain full access to a user's account. In this method, fake Facebook login pages trick users into unwittingly granting permission to attackers. Security researchers have warned about the spread of this new method of account theft.
In this attack, attackers use the official device linking feature in WhatsApp to secretly connect their own browser to the victim's account. Once this connection is established, the attacker can view messages in real time, download shared media files, and send messages that are indistinguishable from messages sent by the victim.
The GhostPairing attack begins with a text message that appears to be sent by a trusted contact. The message usually contains a link that claims to display an image of the recipient. To increase user trust, link previews are often designed to resemble Facebook content.
By clicking on this link, the victim is redirected to a fake Facebook login page hosted on a domain similar to the original one. Instead of performing any authentication, this page starts the official WhatsApp device pairing process. At this point, the victim is asked to enter their phone number on the fake page, an action that allows the attacker to trigger a perfectly legitimate pairing request.
WhatsApp then generates a pairing code, and the attacker displays this code on the fake website. The victim is instructed to enter the code into the WhatsApp app and, in doing so, unknowingly links a new device to their account. Although WhatsApp clearly announces that a new device is being added, security researchers say many users ignore or misunderstand the warning message during the process.
Once pairing is complete, attackers gain full account access without needing any authentication information. Gen Digital warns that many victims do not realize that an additional device is secretly connected to their account. This situation allows criminals to monitor conversations, collect sensitive information, impersonate the victim, and send the same deceptive lure to the victim's contacts and group chats.
Researchers have previously seen similar abuse of device linking capabilities in attacks against other messaging platforms. The only reliable way to detect such an intrusion is to manually check the Linked Devices section of WhatsApp settings. If a user sees a device in this list that they do not recognize, they should immediately remove that device from the account.
Users are also advised to report suspicious messages and enable additional layers of account protection, including two-step authentication. Tools like antivirus software can help identify malicious websites, and malware removal solutions can be useful if further intrusions have occurred. Identity theft protection services can also mitigate damage after personal data is exposed, although these services do not themselves prevent account theft.
This type of exploit shows that even when platforms display explicit warnings during sensitive actions, user awareness remains one of the most important security weaknesses.
RCO NEWS




