A new WhatsApp account hijacking campaign has begun abusing the platform’s multi-device feature, allowing attackers to gain full access to user accounts without stealing passwords or installing malware. The scheme relies entirely on social engineering, tricking victims into linking an attacker-controlled device to their WhatsApp account.
Security researchers warn that the attack operates quietly and can remain undetected while attackers read messages, impersonate victims, and spread the scam further.
How the scam works
Attackers start by sending messages that appear to come from trusted contacts. These messages often contain a short link and a vague prompt, such as a photo preview or shared content request, designed to encourage quick interaction.
When a victim clicks the link, they land on a phishing page styled to look legitimate. The page prompts the user to verify or confirm something related to their account. Behind the scenes, the attackers initiate WhatsApp’s official device-linking process using the victim’s phone number.
The victim then unknowingly completes the pairing process, which links the attacker’s device directly to their account.
What attackers gain
Once the attacker’s device is linked, WhatsApp treats it as a trusted session. This gives attackers extensive access without triggering obvious alerts.
Attackers can:
- Read conversations in real time
- View shared media and files
- Send messages while impersonating the victim
- Use the compromised account to target contacts and group chats
Because the victim’s primary device continues to function normally, many users do not realize that another device has joined their account.
Why the attack is effective
This campaign exploits WhatsApp’s multi-device functionality rather than a technical vulnerability. The feature was designed for convenience, but attackers now abuse it through deception.
Since the linking process uses official WhatsApp workflows, the attack bypasses traditional protections like SIM security or password controls. Without additional safeguards, users may not notice the compromise until suspicious messages appear.
Scope and spread
Researchers first observed the campaign in Czechia, but experts warn that compromised accounts can easily propagate the scam further. Once attackers control an account, they can send convincing messages to contacts, increasing the likelihood of additional victims.
This self-spreading nature makes the attack particularly dangerous, especially in tightly connected personal and professional networks.
How users can protect their accounts
WhatsApp users can reduce their risk by taking a few defensive steps:
- Review Linked Devices regularly and remove unknown sessions
- Enable two-step verification with a PIN
- Avoid clicking unexpected links, even from known contacts
- Warn contacts if suspicious messages appear to come from your account
Quick action can prevent attackers from maintaining long-term access.
Conclusion
This WhatsApp account hijacking campaign shows how attackers increasingly rely on manipulation rather than malware. By abusing device-linking features, they can take over accounts silently and at scale. As messaging platforms expand convenience features, users must stay alert to new forms of deception that turn legitimate tools into attack vectors.

