Saturday, December 27, 2025

Govt Flags ‘GhostPairing’ Scam: WhatsApp Accounts Hijacked Without OTPs or SIM Swaps

In December 2025, India’s cyber watchdog CERT-In, along with the Ministry of Electronics and Information Technology (MeitY), issued a high-risk cyber alert over a new WhatsApp account takeover technique dubbed “GhostPairing.”

Unlike conventional hacks that rely on OTP theft or SIM cloning, this method misuses WhatsApp’s official multi-device feature, turning a legitimate function into a silent attack vector.

What Makes GhostPairing Different

GhostPairing does not break WhatsApp’s security architecture. Instead, it tricks users into approving the attacker’s device themselves, making the compromise almost invisible.

Step-by-Step Breakdown of the Attack

Trust-Based Trap

Victims receive a casual message such as “Is this you in the photo?” from a known contact. That contact’s account is usually already compromised.

Lookalike Web Page

The link opens a fake media viewer designed to resemble familiar platforms like Facebook or WhatsApp Web.

User-Led Authorization

The page asks for the victim’s phone number and then instructs them to enter an 8-digit pairing code that appears inside their own WhatsApp app.

Invisible Access Granted

Once the code is entered, the attacker’s browser is added as a linked device, with no warning, alert, or logout notification on the victim’s phone.

Why This Attack Is Especially Dangerous

Live Surveillance

Hackers can read messages in real time, not just older chats.

Full Media Control

Photos, videos, voice notes, and documents can be silently downloaded.

Chain Infection

Attackers often use the hijacked account to message the victim’s contacts, rapidly spreading the scam.

Potential Blackmail

Private chats or sensitive media may be weaponised for extortion or targeted fraud.

Government-Issued Safety Advisory

Authorities have urged WhatsApp users to take immediate preventive steps:

Audit Linked Devices Regularly

Open WhatsApp → Settings → Linked Devices and remove any session you don’t recognise.

Turn On Two-Step Verification

Set a 6-digit PIN under Settings → Account → Two-step verification to block unauthorized pairing.

Treat “Urgent” Links With Suspicion

Even if a message comes from a friend, avoid clicking unknown links or entering your number on external sites.

Report Suspected Takeovers Immediately

File a complaint on the National Cyber Crime Reporting Portal or call 1930 for rapid assistance.

By Aaradhay Sharma
