- Hackers can hijack WhatsApp accounts without ever cracking passwords or encryption
- GhostPairing attacks exploit legitimate device connection capabilities to gain full account access
- Users are tricked by fake Facebook login pages into authorizing attackers
Security researchers are warning WhatsApp users about a growing account hijacking technique that doesn’t rely on cracking passwords or bypassing encryption.
Attackers exploit WhatsApp’s legitimate device connection feature to quietly link their own browser to a victim’s account.
Once connected, the attacker can read real-time messages, download shared media, and send messages that appear to come directly from the victim.
How the attachment feature is misused
The attack, tracked under the name GhostPairing, begins with a short message that appears to come from a trusted contact.
The message typically contains a link that claims to display a picture of the recipient.
To build credibility, the link preview often resembles Facebook content.
Clicking the link redirects the victim to a fake Facebook login page hosted on a lookalike domain.
Instead of verifying anything, the page starts WhatsApp’s device pairing workflow.
Victims are asked to enter their phone number on the fake page, which allows the attacker to trigger a legitimate pairing request.
WhatsApp then generates a pairing code that the attacker displays on the fraudulent website.
The victim is asked to enter this code inside WhatsApp and unknowingly authorize a new connected device.
Although WhatsApp clearly indicates that a device is being added, researchers say many users overlook or misunderstand the message during the process.
Once the pairing is complete, attackers gain full access to the account without needing authentication credentials.
Gen Digital warns that many victims remain unaware that an additional device has been connected in the background.
This allows criminals to monitor conversations, collect sensitive information, impersonate the victim and spread the same lure to contacts and group chats.
Researchers have previously observed similar device connection abuse in attacks against other messaging platforms.
The only reliable way to detect this type of compromise is to manually check the Connected Devices section of the WhatsApp settings.
If the user does not recognize any listed device, it must be immediately removed from the account.
Users are also advised to report suspicious messages and enable additional account protections, including two-factor authentication.
Tools such as antivirus software can help flag malicious websites, while malware removal solutions can help if further compromise is suspected.
Identity theft protection services can reduce damage after exposure of personal data, although they do not prevent account hijacking by themselves.
This exploit shows that user awareness remains a critical weak point, even when platforms provide warnings during sensitive actions.
Via Bleeding computer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
