India’s cybersecurity authority, the Indian Computer Emergency Response Team (CERT-In), has issued a high-severity alert warning WhatsApp users of a newly identified vulnerability that could allow hackers to take complete control of accounts. The flaw, dubbed “GhostPairing”, exploits WhatsApp’s device-linking feature and enables attackers to access messages, photos and videos through WhatsApp Web without requiring passwords or SIM-swap attacks.
According to the advisory, which was issued on December 20, cybercriminals are actively abusing the platform’s device-linking mechanism by generating pairing codes that bypass standard authentication checks. Once exploited, attackers can secretly link their own browser or device to a victim’s WhatsApp account, gaining near-full access without alerting the user.
How the ‘GhostPairing’ Attack Works
CERT-In explained that the attack typically begins with social engineering. Victims may receive a message such as “Hi, check this photo” from what appears to be a trusted contact. The message includes a link with a familiar social media-style preview, often resembling a Facebook page.
Clicking the link redirects users to a fake webpage that prompts them to “verify” their identity to view the content. At this stage, attackers trick users into entering their phone numbers, and the users unknowingly authorise a malicious device to link to their WhatsApp account through the pairing process. The advisory noted that the pairing code shown during the attack looks legitimate, making it difficult for users to detect the threat.
Full Access without Passwords or SIM Swaps
Once a rogue device is linked, attackers gain access similar to a genuine WhatsApp Web session. CERT-In warned that hackers can read synced chats, receive new messages in real time, view photos, videos and voice notes, and even send messages to the victim’s contacts and group chats. This level of access allows criminals to impersonate users, spread scams further, or extract sensitive personal information.
The agency categorised the GhostPairing campaign as a “high-risk” threat, highlighting its ability to bypass traditional security safeguards such as passwords and SIM verification. A response from WhatsApp regarding the advisory is awaited.
CERT-In’s Safety Recommendations
To reduce risk, CERT-In has urged users to remain cautious, even when messages appear to come from known contacts. The agency advised against clicking suspicious links and warned users not to enter phone numbers on external websites claiming to be linked to WhatsApp or Facebook.
The advisory underscores growing concerns around messaging-platform security and highlights the need for users to regularly review linked devices and adopt safer online habits as cyber threats continue to evolve.