Overview
- Indian computer emergency responders flagged GhostPairing as an active campaign that can seize full WhatsApp access without passwords or SIM swaps.
- The attack typically starts with a trusted-looking message and a link to a fake Facebook-style viewer that prompts victims to enter their phone number.
- Attackers exploit WhatsApp’s link device via phone number flow and pairing codes to register an attacker-controlled browser or device as a trusted client.
- Once linked, intruders can read messages in real time, view media and voice notes, send messages as the user, and access personal and group chats until removed.
- CERT-In urges users to avoid suspicious links, never submit phone numbers on external sites, and regularly review Linked Devices to log out any unfamiliar sessions.