Technology News
English Edition
  • Home
  • Apps
  • Apps News
  • WhatsApp GhostPairing Scam Reportedly Lets Hackers Take Over Accounts Without Authentication

WhatsApp GhostPairing Scam Reportedly Lets Hackers Take Over Accounts Without Authentication

Instead of exploiting software flaws, GhostPairing relies on social engineering and tricks users into approving a malicious device themselves.

Written by Sucharita Ganguly, Edited by David Delima | Updated: 19 December 2025 18:57 IST
WhatsApp GhostPairing Scam Reportedly Lets Hackers Take Over Accounts Without Authentication

Photo Credit: Pixabay

GhostPairing is said to be highlighting broader risks in device-pairing systems used across many apps

Click Here to Add Gadgets360 As A Trusted Source As A Preferred Source On Google
Highlights
  • Attackers hijack accounts using WhatsApp device linking
  • Fake Facebook-style links lure users into pairing devices
  • Campaign first spotted in Czechia but can spread globally
Advertisement

A new WhatsApp account takeover technique that abuses the app's legitimate device-linking feature has been discovered by a cybersecurity firm. The campaign, dubbed GhostPairing, allows attackers to gain full access to a victim's WhatsApp account without stealing passwords, SIM cards, or authentication codes. Instead of exploiting software flaws, the attack relies on social engineering and tricks users into approving a malicious device themselves. The method is said to be difficult to detect, spreads quickly through trusted contacts, and highlights serious risks in how device-pairing features are currently designed and understood by users.

GhostPairing Scam Tricks WhatsApp Users Into Giving Hackers Full Access

According to a report by cybersecurity firm Gen Digital, the attack begins with a brief message sent from a trusted contact, often saying something like “Hey, I just found your photo!” The message includes a link that appears as a Facebook-style preview inside WhatsApp. Clicking the link leads users to a fake webpage designed to look like a Facebook photo viewer, which asks them to “verify” before viewing the content.

The verification step does not involve Facebook at all. Instead, the page quietly triggers WhatsApp's official device-pairing process. Victims are asked to enter their phone number, after which WhatsApp generates a numeric pairing code. The fake page then instructs users to enter this code inside WhatsApp, making it appear like a routine security check.

The report explained that by entering the code, users unknowingly approve the attacker's browser as a linked device. This gives attackers full WhatsApp Web access, allowing them to read conversations, receive new messages in real time, download media, and send messages as the victim. The phone continues to work normally, making the compromise difficult to notice.

The campaign was first observed in Czechia, but Gen Digital warned that it can spread easily across regions. Compromised accounts are used to send the same lure to contacts and group chats, allowing the attack to grow through existing trust networks rather than mass spam.

Researchers in the report noted that the method does not bypass encryption or exploit software flaws. Instead, it relies on social engineering and legitimate features working as designed. The report added that this makes the attack particularly concerning, as linked devices remain active until users manually remove them.

To stay safe, users are advised to regularly check WhatsApp's Settings > Linked Devices section and remove any unfamiliar sessions. The researchers also recommended treating any request to scan QR codes or enter pairing numbers from websites as suspicious, enabling two-step verification, and taking time to verify unexpected messages, even when they come from known contacts.

GhostPairing is said to be highlighting broader risks in device-pairing systems used across many apps. While convenience is a key feature, the report said clearer warnings, better context around pairing requests, and stronger controls could help reduce abuse.

Comments

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: WhatsApp, Facebook, Meta, WhatsApp Web, WhatsApp Hacking, GhostPairing
Sucharita Ganguly
Sucharita Ganguly
Sucharita is a writer with Gadgets 360 and is mostly found playing with her cat in her free time. She has previously worked at breaking news desks across organizations. Powered by coffee, The Beatles, Bowie, and her newfound love for BTS, she aims to work towards contributing to a better media environment for women and queer folk. More
Honor Magic V6 Tipped to Launch With 7,200mAh Dual-Cell Battery, Snapdragon 8 Elite Gen 5 SoC
New FIFA Game to Launch on Netflix Games in Time for FIFA World Cup Next Year

Related Stories

WhatsApp GhostPairing Scam Reportedly Lets Hackers Take Over Accounts Without Authentication
Comment
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News
Turbo Read

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi

Advertisement

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Google's Pixel Upgrade Program Lets You Get the Latest Model Every Year
  2. Here's When the Realme 16 Pro Series Will Launch in India
  3. Sony's Year-End Holiday Sale on PS5 Accessories, Games Kicks Off Next Week
  4. OTT Releases This Week: Thamma, Mrs Deshpande, Raat Akeli Hai The Bansal Murders, and More
  5. Here's How Much The Redmi Note 15 5G Could Cost in India
  6. Instagram Will Now Restrict the Number of Hashtags You Can Use
  7. Oppo Reno 15 Pro Mini Tipped to Launch as First Compact Reno Smartphone
  8. YouTube Bans Popular Channels for Making Misleading AI-Generated Movie Trailers
  9. Netflix Is Bringing a New FIFA Game in Time for 2026 FIFA World Cup
#Latest Stories
  1. Adobe Partners With Runway to Offer Firefly Users Early Access to Video Generation Models
  2. New FIFA Game to Launch on Netflix Games in Time for FIFA World Cup Next Year
  3. WhatsApp GhostPairing Scam Reportedly Lets Hackers Take Over Accounts Without Authentication
  4. Honor Magic V6 Tipped to Launch With 7,200mAh Dual-Cell Battery, Snapdragon 8 Elite Gen 5 SoC
  5. YouTube Bans Popular Indian Channel for Making Misleading AI-Generated Movie Trailers
  6. OpenAI Updates AI Guidelines to Prioritise Teen Safety Over Other Goals
  7. Dominic and The Ladies Purse Out on OTT: Know Everything About Streaming, Plot, Cast, and More
  8. Sony Announces Year-End Holiday Sale in India on PS5 Accessories, Games
  9. Xiaomi 17 Ultra Battery, Charging Specifications and Colourways Tipped Ahead of Launch
  10. Redmi Note 15 5G Price in India, Storage Configurations Tipped Ahead of January 6 Launch
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.
Trending Products »
Latest Tech News »