Cybersecurity researchers have uncovered an active account-takeover campaign targeting WhatsApp users.
Dubbed GhostPairing, the attack exploits WhatsApp’s legitimate multi-device pairing feature to secretly add an attacker’s browser as a linked device—giving criminals direct access to messages without alerting the victim.
WhatsApp’s device-pairing feature allows users to connect laptops or browsers via WhatsApp Web while maintaining end-to-end encryption.
However, attackers are abusing this trusted workflow to bypass protections by convincing users to unknowingly approve a malicious pairing request.
The scam typically begins with a lure such as, “Hey, I found your photo,” followed by a link to a fake website designed to resemble a Facebook or Meta login page.
Victims are asked to enter their phone number to “verify” before viewing the image.
Using this number, attackers initiate a WhatsApp device-pairing request.
In one variant, victims are shown a QR code to scan.
In a more effective version, they receive a numeric code and are prompted to enter it directly into WhatsApp.
Believing it to be a routine verification step, users unknowingly link the attacker’s device.
Once access is gained, criminals can impersonate victims, message contacts, harvest private data, and spread the scam rapidly.
To stay safe, users should avoid unsolicited links, enable WhatsApp’s two-step verification, carefully read pairing prompts, and regularly review Linked Devices, immediately removing any device they do not recognize.