A new scam has been rolled out in the market targeting WhatsApp users. Through this sophisticated new scam hackers exploit the app’s device-linking feature to gain full access to victims’ accounts. The cybersecurity experts have warned that the campaign, called GhostPairing. This allows attackers to hijack accounts without stealing passwords, SIM cards, or OTPs.
The GhostParing relies entirely on social engineering, tricking users into approving a malicious device themselves. This method is tough to detect and spread quickly through trusted contacts and raises serious questions about how device pairing features are designed and understood.
How hackers work
As per experts and reports, the scam begins with a seemingly innocent message from a trusted contact, such as “Hey, I just find your photo!” The message contains a link that displays a Facebook-style preview inside WhatsApp.
Clicking the link leads users to a fake webpage resembling a Facebook photo viewer, which prompts users to ‘verify’ before seeing the content. In reality, this step triggers WhatsApp’s official device-pairing process. Users are asked to enter their phone number, after which WhatsApp generates a numeric pairing code. The fake page then instructs users to enter this code in WhatsApp, presenting the process as a routine security check.
After entering the code, victims unknowingly approve the attacker’s device. This grants the hackers full WhatsApp Web access, enabling them to read messages, download media, send messages as the victim, and receive new messages in real time, all while the phone continues to function normally, making the breach difficult to notice.
How to stay safe
To protect against GhostPairing, users are advised to follow these steps
-
Regularly check settings > Linked Devices in WhatApp and remove any unfamiliar sessions.
-
Be cautious of any requests to scan QR codes or enter pairing codes from websites.
-
Enable two-step verification for added security.
-
Verify unexpected messages carefully, even if they appear to come from known contacts.
Cybersecurity experts warn that vigilance is essential, as attacks like GhostPairing exploit human trust rather than technical vulnerabilities.
Syed Ziyauddin is a media and international relations enthusiast with a strong academic and professional foundation. He holds a Bachelor’s degree in Mass Media from Jamia Millia Islamia and a Master’s in International Relations (West Asia) from the same institution.
He has work with organizations like ANN Media, TV9 Bharatvarsh, NDTV and Centre for Discourse, Fusion, and Analysis (CDFA) his core interest includes Tech, Auto and global affairs.
Tweets @ZiyaIbnHameed
