
A sophisticated new scam targeting WhatsApp users has been uncovered, exploiting the app’s device-linking feature to gain full access to victims’ accounts. Cybersecurity experts have warned that the campaign, called GhostPairing, allows attackers to hijack accounts without stealing passwords, SIM cards, or verification codes.
Unlike conventional hacks, GhostPairing relies entirely on social engineering, tricking users into approving a malicious device themselves. The method is reportedly hard to detect, spreads quickly via trusted contacts, and raises serious questions about how device-pairing features are designed and understood.
According to a report by cybersecurity firm Gen Digital, the scam begins with a seemingly innocent message from a trusted contact, such as “Hey, I just found your photo!” The message contains a link that displays as a Facebook-style preview inside WhatsApp.
Clicking the link leads users to a fake webpage resembling a Facebook photo viewer, which prompts them to “verify” before seeing the content. In reality, this step triggers WhatsApp’s official device-pairing process. Users are asked to input their phone number, after which WhatsApp generates a numeric pairing code. The fake page then instructs users to enter this code in WhatsApp, presenting the process as a routine security check.
By entering the code, victims unknowingly approve the attacker’s device. This grants the hacker full WhatsApp Web access, enabling them to read messages, download media, send messages as the victim, and receive new messages in real time. Because the victim’s phone continues to function normally throughout, the breach is difficult to notice.
The campaign was initially observed in Czechia, but experts warn it could spread internationally. Compromised accounts are used to send the same deceptive links to contacts and group chats, exploiting existing trust networks instead of relying on mass spam campaigns.
Researchers emphasised that GhostPairing does not bypass encryption or exploit software flaws. Instead, it takes advantage of legitimate features working as designed, making it particularly alarming. Linked devices remain active until manually removed by the user, which means a compromised account could remain exposed indefinitely.
To protect against GhostPairing, users are advised to:
Cybersecurity experts warn that vigilance is essential, as attacks like GhostPairing exploit human trust rather than technical vulnerabilities.
Govind Choudhary is a Senior Content Producer for Mint with over 04 years of experience covering technology and automobiles. He holds a Master's diplo...