WhatsApp users alert! Indian government flags ‘GhostPairing’ scam that can hijack accounts silently

Indian government warns WhatsApp users about the GhostPairing scam that silently hijacks accounts using device linking. Here’s how the scam works and how users can stay safe.

Dec 27, 2025 - 04:00

India's cybersecurity agency, the Computer Emergency Response Team – India (CERT-In), has released an advisory for WhatsApp users across the country, warning them of a high-severity cyber threat called GhostPairing. It is a form of WhatsApp scam that allows an attacker to silently gain complete control of the victim’s WhatsApp account without needing to steal their password or SIM card.

What is GhostPairing Scam?

GhostPairing is a social engineering attack that exploits a legitimate WhatsApp feature called device-linking or WhatsApp pairing. It allows users to link their WhatsApp account to WhatsApp Web and other devices.

Cybercriminals have found a way to turn WhatsApp device-linking into an attack vector through social engineering. Victims of this scam do not realize that they have linked an attacker’s device to their WhatsApp account.

Unlike other forms of WhatsApp hacks, which often require stealing credentials or hijacking the account with a password, one-time password (OTP), or SIM swap, the GhostPairing scam works differently. It requires neither access to the victim’s phone nor the victim’s WhatsApp credentials. Instead, it relies on psychological manipulation.

Scam Working Method

CERT-In has explained how the scam typically works. The attack usually starts with a WhatsApp message from a number the victim trusts. It will say something like: “Hi, check this photo.” Then, the victim receives a link that redirects to a fake website.

The victim will click on the link and the fake site will prompt them to “verify” before they can view the content. At this stage, the victim is unknowingly starting the WhatsApp device-linking process. This is because entering their phone number or pair code will prompt WhatsApp to display a QR code. By scanning this QR code on the attacker’s device, users will unknowingly authorize the attacker’s device as a trusted linked session on their WhatsApp account.

From there, the attacker’s device will be displayed on the “Linked Devices” list on WhatsApp. This grants the attacker full access to the WhatsApp account, and the victim will not be alerted to the intrusion.

What can attackers access?

A linked device, through the GhostPairing WhatsApp scam, grants the attacker almost full access to the WhatsApp account. It is similar to how a WhatsApp Web session works. Attackers can:

  • View historic and incoming messages.
  • Access photos, videos, and voice notes.
  • Track chats in real time.
  • Send messages on WhatsApp.
  • Impersonate victims to other users.
  • Spread the WhatsApp scam to more victims.

Attackers will also be able to control victim accounts for long periods since users will not be notified of the attack.

Safety Tips and Government Advisory

CERT-In and India’s Ministry of Electronics and Information Technology (MeitY) have advised all WhatsApp users to be extra cautious and not to click on suspicious links and websites.

In addition, they recommend:

  • Checking WhatsApp’s “Linked Devices” list regularly and deleting unknown and suspicious devices.
  • Enabling the two-step verification feature on their WhatsApp accounts.
