A newly discovered account takeover campaign targeting WhatsApp users<\/a> demonstrates how attackers can compromise messaging accounts without stealing passwords or exploiting technical vulnerabilities.<\/p>\n The threat, identified as the GhostPairing Attack, uses social engineering and WhatsApp\u2019s legitimate device linking feature to grant attackers complete access to victim accounts. <\/p>\n The campaign first emerged in Czechia but shows no geographic limitations, with attackers using reusable kits to scale their operations across multiple countries and languages.<\/p>\n The attack begins when victims receive messages from known contacts, typically suggesting they have found a photo. The message includes a link designed to appear as a Facebook content viewer. <\/p>\n When users click the link, they encounter a fake Facebook-themed page requesting verification before accessing content. <\/p>\n This familiar interface creates a false sense of legitimacy that encourages users to complete the verification process without questioning its authenticity.<\/p>\n Gen Digital analysts and researchers\u00a0discovered<\/a>\u00a0that the attack exploits WhatsApp\u2019s device pairing feature, which allows users to link additional devices, such as web browsers and desktop applications, to their accounts.<\/span><\/p>\n Rather than relying on technical exploits or credential theft<\/a>, attackers trick users into willingly approving an unauthorized device connection.<\/p>\n The infection mechanism relies on WhatsApp\u2019s phone number and numeric pairing code flow, making this attack particularly effective. <\/p>\n When users enter their phone number on the fake page<\/a>, the attacker\u2019s infrastructure intercepts the request and forwards it to WhatsApp\u2019s legitimate device linking endpoint. <\/p>\n WhatsApp generates a pairing code intended only for the account owner, but the attacker\u2019s website displays this code to the victim alongside instructions to enter it in WhatsApp to complete the login verification. <\/p>\n From the victim\u2019s perspective, this appears identical to standard two-factor authentication<\/a>. Once the victim enters the code in their actual WhatsApp application, they unknowingly approve the attacker\u2019s browser as a linked device. <\/p>\n The attacker now has persistent access to all historical conversations, incoming messages, photos, videos, and sensitive information shared in the account, while remaining completely invisible to the account holder.<\/p>\n The persistent nature of this access makes the attack particularly dangerous. Unlike traditional account hijacking that locks out legitimate users, GhostPairing allows attackers to observe conversations and gather intelligence indefinitely. <\/p>\n Compromised accounts become propagation vectors, enabling attackers to send the same lure messages to the victim\u2019s contacts, creating a snowball effect that multiplies the attack\u2019s reach. <\/p>\n Users can protect themselves by regularly checking their linked devices in WhatsApp Settings and removing unknown sessions, treating any external requests to scan QR codes or enter pairing codes as immediately suspicious, and enabling Two-Step Verification for additional account security.<\/p>\n Follow us on\u00a0Google News<\/a>,\u00a0LinkedIn<\/a>,\u00a0and\u00a0X<\/a>\u00a0to Get More Instant Updates<\/strong>,\u00a0Set CSN as a Preferred Source in\u00a0Google<\/a>.<\/strong><\/p>\n The post New GhostPairing Attack Let Attackers Gain Full Access in WhatsApp with Phone Number<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n![\"Lure](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjrfWBMU77MFIg2VUaoiPukxAZx-5Z6GMXBRRho1eZOkvjAfdeGaGsRxHS1qhypiHAQONZsqZffykzcWJkWfZ7rzMHTeOh7DDmuDmdzhKbYbFElKkb2tuHydyg08Y3b5TeEAA27ht29-gU8m5ho_4o407SL3M7PR_8dRUWt3kKhvk-Ge1vRQfsOnDEy6Rs\/s16000\/Lure%2520message%2520%28Source%2520-%2520Gen%2520Digital%29.webp?ssl=1\")
Infection mechanism <\/strong><\/h2>\n
![\"Fake](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgN6abOZJFFC3bhC1RLZEtPKW2htWlV-iA2Re6qEKdnW1m5EsYELKULTEpZ-jJDg8WFI48qt52o4mi_yAPJ8DljFv-0dh0Qk3Z5GQ0T4JMCFPg9-hCzmsa13y09vV5iDwbPEkPQUNxpKTGFMOu1Z8tCZpyYx9iE3usCT8SrXXHq8t4OECTPvkoNvOx-0fY\/s16000\/Fake%2520Facebook%2520page%2520%28Source%2520-%2520Gen%2520Digital%29.webp?ssl=1\")
![\"Code](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi-gwLu4M2F2lazWgC8Hg_KhmSdYICB2dmb2EOv4_eAxXLzPH0QZ3o8gh1jO4dzrEaQtpM6Hv40SWYiK-R6NvnScFo7EWQamjw9bBXVeLUuFSdc5JtfP9ZZKKMpe4Sz7zJ3ZOOPCRohCDP0CZ63wuOH6Wj7yMKZ_6wXxKK8hAs8pwzs4JCL7KZKLkppZz8\/s16000\/Code%2520sent%2520by%2520attackers%2520to%2520compromise%2520victim%25E2%2580%2599s%25E2%2580%2599%2520WhatsApp%2520account%2520%28Source%2520-%2520Gen%2520Digital%29.webp?ssl=1\")