A new scam is turning a legitimate WhatsApp feature into a takeover shortcut. Instead of cracking passwords, attackers rely on WhatsApp account hijacking through device linking, tricking victims into approving a pairing flow that quietly adds a malicious “linked device” to their account.
What’s being abused in WhatsApp
WhatsApp supports linking additional devices so people can use the service on a browser or secondary device. That convenience creates an opening when users treat a pairing prompt like a routine verification step.
Attackers do not need to break encryption or bypass the app’s normal protections. They push victims to complete the linking process on the attacker’s behalf, using social engineering and a code the victim enters willingly.
How the GhostPairing attack works
Researchers describe this campaign as “GhostPairing.” The flow is simple, which makes it effective.
Step 1: A lure message that looks safe
Victims receive a short message that appears to come from someone they know. The text often claims a photo was found, with a link that looks like a preview card.
Step 2: A fake page that triggers “verification”
The link opens a page designed to look familiar and trustworthy. The page prompts the victim to “verify” before viewing the content. The victim enters a phone number and follows on-screen instructions.
Step 3: Pairing code equals account access
At the crucial moment, the victim is prompted to enter a code. That action completes the device-linking process and connects an attacker-controlled browser or device to the victim’s WhatsApp account.
What attackers gain after a takeover
Once the attacker links a device, the impact can be serious.
- Chat access: Attackers can view conversation history that syncs to the linked device.
- Shared media exposure: Photos, videos, and attachments can become available.
- Impersonation: Attackers can message contacts as the victim and request money or sensitive details.
- Wider spread: Compromised accounts become distribution channels for the same lure.
This is why this style of WhatsApp account hijacking can escalate fast. It turns one compromised user into a trusted sender for the next wave.
Why victims often miss the compromise
This scam blends into normal behavior. Many users have linked WhatsApp to a browser before, so prompts and codes do not feel unusual. The attacker also benefits because the victim expects a “verification” step, so entering a code feels routine.
Detection can be tricky if users rarely check their linked devices list. That list becomes the most important place to spot something suspicious.
How to protect your WhatsApp account
You can reduce risk with a few habits that block this technique.
- Check Linked Devices regularly: Immediately remove anything you do not recognize.
- Enable two-step verification: Add a PIN that makes account changes harder to abuse.
- Treat codes as private: Never type a WhatsApp code into a page reached by a random link.
- Verify odd messages out-of-band: Call the contact or message them elsewhere before clicking.
- Warn your contacts quickly: If you suspect compromise, tell people not to trust recent links.
Conclusion
GhostPairing shows how attackers can weaponize a legitimate feature and win through persuasion instead of exploits. WhatsApp account hijacking becomes far easier when victims treat device linking like a harmless verification step. Strong habits matter here: protect your codes, review linked devices, and enable two-step verification so a single mistake does not hand over your account.

