Recently, the Indian Computer Emergency Response Team (CERT-In) issued an advisory warning WhatsApp users about an active cyber threat campaign that uses a new attack technique known as GhostPairing. This method allows cybercriminals to take control of WhatsApp accounts without the user’s knowledge or authorization.
What is GhostPairing?
GhostPairing is a sophisticated WhatsApp account takeover technique in which hackers secretly link their own device to a victim’s WhatsApp account.
The attack gives near-complete access to the victim’s WhatsApp account.
It does not require passwords, SIM swapping, or physical access to the victim’s phone.
Hackers exploit the WhatsApp multi-device pairing feature by tricking users into sharing pairing codes.
Important Point: Victims often remain unaware that their WhatsApp account has been compromised.
How GhostPairing Works (Modus Operandi)
Initial Lure Message
Victims receive a message from a trusted contact saying, “Hi, check this photo.”
Malicious Link with Social Media Preview
The message contains a malicious link that displays a Facebook-style preview, making it appear legitimate.
Fake Verification Page
Clicking the link redirects users to a fake Facebook content viewer, which asks them to “verify” to view the content.
Extraction of Pairing Credentials
Victims are prompted to enter their phone number and WhatsApp pairing code.
Account Takeover
By entering these details, victims unknowingly link the attacker’s device to their WhatsApp account, granting hackers full control.
Impact of GhostPairing Attacks
Hackers can read messages, send messages, access contacts, and monitor communications.
Compromised accounts can be used to spread malware, conduct financial fraud, or target additional victims.
The attack exploits social engineering, rather than technical flaws, making it harder to detect.
Role of CERT-In
The Indian Computer Emergency Response Team (CERT-In) functions under the Ministry of Electronics and Information Technology (MeitY).
It is responsible for handling cyber security incidents, issuing advisories, and strengthening India’s cyber resilience.
CERT-In has advised users to avoid clicking suspicious links, never share verification or pairing codes, and enable additional security settings on WhatsApp.
Preventive Measures for Users
Do not click on unknown or suspicious links, even if they appear to come from trusted contacts.
Never share WhatsApp pairing or verification codes with anyone.
Regularly check linked devices in WhatsApp settings and remove unknown devices.
Enable two-step verification on WhatsApp for additional protection.
Conclusion
GhostPairing highlights the growing sophistication of cyber attacks that exploit user trust and social engineering rather than technical vulnerabilities. The CERT-In advisory underscores the need for digital awareness, cautious online behaviour, and proactive security practices to protect personal communication platforms like WhatsApp.
We provide offline, online and recorded lectures in the same amount.
Every aspirant is unique and the mentoring is customised according to the strengths and weaknesses of the aspirant.
In every Lecture. Director Sir will provide conceptual understanding with around 800 Mindmaps.
We provide you the best and Comprehensive content which comes directly or indirectly in UPSC Exam.
If you haven’t created your account yet, please Login HERE !
We provide offline, online and recorded lectures in the same amount.
Every aspirant is unique and the mentoring is customised according to the strengths and weaknesses of the aspirant.
In every Lecture. Director Sir will provide conceptual understanding with around 800 Mindmaps.
We provide you the best and Comprehensive content which comes directly or indirectly in UPSC Exam.
Offline/Online Class