- Attackers can take over WhatsApp accounts without ever cracking passwords or encryption
- GhostPairing attacks exploit the legitimate device linking feature to gain full account access
- Fake Facebook login pages trick users into granting attackers access
Security researchers are warning WhatsApp users about a growing account hacking technique that doesn’t rely on breaking passwords or bypassing encryption.
Attackers leverage WhatsApp’s legitimate device linking feature to stealthily attach their own browser to a victim’s account.
Once linked, the attacker can read messages in real time, download shared media, and send messages that appear to come directly from the victim.
How the linking functionality is abused
The attack, dubbed GhostPairing, begins with a short message that appears to come from a trusted contact.
The message usually contains a link claiming to show a photo of the recipient.
To build credibility, the link preview often resembles Facebook content.
Clicking the link redirects the victim to a fake Facebook login page hosted on a lookalike domain.
Instead of verifying anything, the page launches WhatsApp’s device pairing workflow.
Victims are asked to enter their phone number on the fake page, which allows the attacker to trigger a legitimate pairing request.
WhatsApp then generates a pairing code, which the attacker displays on the fraudulent site.
The victim is asked to enter this code into WhatsApp, unknowingly authorizing a new linked device.
Although WhatsApp clearly states that a device is being added, researchers say many users overlook or misunderstand the message during the process.
Once pairing is complete, attackers gain full access to the account without the need for authentication credentials.
Gen Digital warns that many victims are unaware that an additional device has been linked in the background.
This allows criminals to monitor conversations, collect sensitive information, pose as the victim and spread the same lure to contacts and group chats.
Researchers have previously observed similar device linking abuses in attacks against other messaging platforms.
The only reliable way to detect this type of compromise is to manually check the Linked Devices section in WhatsApp settings.
Any listed device the user does not recognize should be promptly removed from the account.
Users are also advised to report suspicious messages and enable additional account protections, including two-factor authentication.
Tools such as antivirus software can help flag malicious websites, while malware removal solutions can be useful if further compromise is suspected.
Identity theft protection services can reduce damage after personal data is exposed, although they do not prevent account takeover itself.
This abuse shows that user awareness remains a critical weak point, even when platforms warn about sensitive actions.
Via BleepingComputer