WhatsApp GhostPairing Lets Scammers Hijack Accounts Without Stealing Passwords

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Spread the love

WhatsApp users are being targeted by a social-engineering technique called GhostPairing that can give scammers access to an account without requiring a password or one-time verification code.

Instead of breaking into the service directly, the scam abuses WhatsApp’s legitimate device-linking feature and relies on a victim being persuaded to approve a new connected device.

The risk is serious because a linked device can allow an attacker to read messages, monitor conversations, impersonate the account owner, and approach contacts with urgent requests.

This creates a familiar path to payment fraud and broader identity abuse, particularly when criminals exploit the trust attached to a known WhatsApp account.

Recent WhatsApp Web session hijacking cases show how a compromised messaging session can quickly be used for business-focused fraud.

Analysts from GenDigital identified GhostPairing as part of a wider shift in which criminals are moving their activity into trusted digital spaces rather than relying only on obvious malicious files or fake login pages.

GenDigital said in a report shared with Cyber Security News (CSN) that the technique turns a normal account-management function into an entry point for account takeover.

Family impersonation SMS (Source – GenDigital)

The campaign also reflects why password security alone cannot stop every account compromise. A victim may keep their password private and still lose control if they are manipulated into linking an attacker-controlled device, making careful verification and regular account checks essential.

WhatsApp GhostPairing Lets Scammers Hijack Accounts

GhostPairing begins with deception rather than a technical exploit. Scammers contact targets through messages, social-media posts, fake support requests, or other convincing pretexts, then guide them toward a QR code or linking request that appears harmless.

The goal is to get the victim to use WhatsApp’s companion-device workflow on behalf of the attacker.

Once the new device is approved, the criminal gains a persistent window into the victim’s chats without needing to know the account password.

This makes the method especially dangerous because victims may not immediately notice the compromise, while attackers can quietly study conversations before attempting fraud.

A previous WhatsApp device linking scam similarly showed how social engineering can turn the linking process into full account access.

Government impersonation lure (Source – GenDigital)

The attacker may then impersonate the victim, request money from friends or colleagues, collect sensitive details from chats, or use recovered conversations to make later messages seem more credible.

For organizations, a hijacked employee account can also support invoice scams, executive impersonation, and targeted phishing against partners.

Checking Linked Devices Matters

Users should treat unexpected QR codes, requests to scan a code, and instructions to “verify” or “secure” an account as warning signs.

WhatsApp does not need users to link an unfamiliar device to keep an account active, and any request that creates urgency should be verified through a separate, trusted channel.

The most important defensive step is to review the Linked Devices section in WhatsApp settings and immediately remove any session that is unfamiliar.

Users should also enable two-step verification, protect their phone with a screen lock, and avoid sharing verification codes or screen access with anyone claiming to provide support.

Guidance on WhatsApp verification code attacks reinforces that such codes should be treated like sensitive account credentials.

People who suspect an account takeover should disconnect unknown devices, alert contacts that suspicious messages may come from their account, and report the incident through WhatsApp’s official support options.

Organizations should require staff to confirm unusual payment or data requests by phone or another independent method, rather than trusting a message solely because it came from a familiar account.

New WhatsApp anti-scam security tools may add useful warnings, but user caution remains the strongest defense against GhostPairing-style manipulation.

Strengthen Your SOC by Accelerating Threat Detection & Rapid Investigations. -> Integrate ANY.RUN With Your SOC Now.