GhostPairing Attack Puts WhatsApp Accounts at Serious Risk
A new attack campaign known as GhostPairing has emerged, and it places WhatsApp accounts at significant risk. Researchers identified the method after observing victims tricked into completing the app’s legitimate device-pairing process. As a result, an attacker’s browser gets added as a hidden linked device. Importantly, this happens without stealing passwords or triggering obvious security alerts.
How the GhostPairing attack works
The attack typically begins with a message containing a link that displays a Facebook-style preview. When users tap the link, they are redirected to a page that mimics a Facebook viewer. At this stage, the page asks users to “verify” before viewing the content.
Although the steps look routine, they silently grant attackers access to the WhatsApp account. Consequently, cybercriminals exploit cross-platform features to bypass protections without breaking encryption directly. This approach makes the attack harder to detect and easier to scale.
The campaign was first observed in the Czech Republic. There, compromised accounts sent short messages with images and links to local contacts. Over time, this pattern revealed how attackers spread access using trusted accounts.
Impact and steps to stay protected
GhostPairing undermines the practical safety of end-to-end encryption by abusing device linking rather than cracking messages. While messages remain encrypted, attackers can still read them through the linked device. As a result, victims may never realize their chats are being monitored.
Notably, the attack does not demand money, hijack passwords, or disrupt phone performance. Instead, it relies on remaining invisible. Therefore, attackers can retain access unless the linked device is manually removed.
To reduce risk, users should regularly review linked devices. First, open WhatsApp and go to Settings. Then, navigate to Linked Devices and review all active sessions. Finally, log out of any device that looks unfamiliar. Repeating this check periodically helps detect and stop similar threats early.
