- Hackers can take over your WhatsApp account without breaking your password or encryption.
- GhostPairing attacks exploit WhatsApp's legitimate device linking feature to gain access to the full account.
- Users are tricked into approving the attacker's access through a fake Facebook login page.
Security researchers are warning WhatsApp users about a growing number of account hacking methods that don’t rely on cracking passwords or bypassing encryption.
Attackers use WhatsApp’s legitimate device linking feature to covertly link a browser to a victim’s account.
Once connected, the attacker can read messages in real time, download publicly available media, and send messages that appear to come directly from the victim.
How the link function is abused
GhostPairing attacks begin with a short message that appears to come from a trusted contact.
The message usually contains a link whose purpose is to show the recipient a photo.
For added authenticity, link previews often resemble Facebook content.
After clicking the link, victims are redirected to a fake Facebook login page hosted on a similar domain.
This page does not show the promised content; instead, it starts the WhatsApp device pairing workflow.
Victims are asked to enter their phone number on the fake page, which allows the attacker to initiate a legitimate device-linking request.
WhatsApp then generates a pairing code, which the attacker displays on the fraudulent website.
Victims are then asked to enter this code into WhatsApp, unknowingly authenticating the newly connected device.
Although WhatsApp clearly states that a new device is being added, researchers say many users ignore or misunderstand the message.
Once pairing is complete, the attacker has full access to the account without requiring authentication credentials.
General Digital warns that many victims are unaware that additional devices are connected in the background.
This allows criminals to monitor conversations, collect sensitive information, impersonate victims, and distribute similar bait across contacts and group chats.
Researchers have previously seen misuse of similar device links in attacks on other messaging platforms.
The only reliable way to detect this type of compromise is to manually check the Connected Devices section in WhatsApp Settings.
If the user does not recognize the device in the list, they must remove it from their account immediately.
We also encourage users to report suspicious messages and enable additional account security, including two-factor authentication.
Tools like antivirus software can help flag malicious websites, and if wider damage is suspected, malware removal solutions can help.
Identity theft prevention services can minimize the damage caused by a breach of personal information, but they cannot prevent account theft on their own.
This attack shows that although platforms issue warnings during sensitive transactions, user awareness remains a major weak point.
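The lure described above depends on a link to a Facebook lookalike domain, so one triage step is to flag such hosts in message text before anyone opens them. The sketch below is an added example, not code from the researchers or from WhatsApp; the allowlist, the digit-swap table, the distance threshold and the sample hostnames are assumptions, and it does not replace checking the device list by hand.

```python
import re
from urllib.parse import urlsplit

BRAND = "facebook"
# Assumption: domains treated as genuinely Facebook-operated for this example.
LEGIT_DOMAINS = ("facebook.com", "fb.com", "fb.me")
# Digit-for-letter swaps often used in lookalike hostnames: 0->o, 1->l, 3->e, 5->s.
HOMOGLYPHS = str.maketrans("0135", "oles")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'legitimate', 'lookalike', 'unrelated' or 'unparseable'."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return "unparseable"
    if not host:
        return "unparseable"
    # Only the allowlisted domains and their subdomains count as genuine.
    if any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS):
        return "legitimate"
    # Any other host that embeds the brand, or a near-miss spelling, is suspect.
    for label in host.split("."):
        for token in label.translate(HOMOGLYPHS).split("-"):
            if BRAND in token or edit_distance(token, BRAND) <= 1:
                return "lookalike"
    return "unrelated"

def suspicious_links(message):
    """Extract URLs from a message and keep those on lookalike hosts."""
    return [u for u in URL_RE.findall(message) if classify(u) == "lookalike"]

# Constructed sample message; the .example hostname is a placeholder.
SAMPLE = "Hey, I just found your photo! https://faceb00k-photos.example/p/123"

if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```

A threshold of one edit keeps false positives low but misses transposed letters, so treat a hit as a reason to review the link, not as a verdict.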
