
GhostPairing: New WhatsApp Account Takeover Scam Exploits Device Pairing Feature
A recently identified fraud campaign dubbed "GhostPairing" enables attackers to hijack WhatsApp accounts without requiring passwords, SMS interception, or SIM cloning. The attack leverages social engineering to manipulate victims into approving malicious device pairing requests, exploiting WhatsApp's legitimate multi-device functionality. While technical specifics about the pairing mechanism remain undisclosed in the source material, this method represents a concerning evolution in account takeover techniques.

The primary impact involves unauthorized access to victims' WhatsApp accounts, potentially leading to privacy violations, financial fraud through linked payment services, or subsequent attacks on contacts. Notably, this approach bypasses traditional authentication safeguards, highlighting the growing sophistication of social engineering attacks.

Cybersecurity professionals should emphasize user education regarding unsolicited pairing requests and implement additional verification measures for device linking operations. However, the current lack of details about attack vectors or geographic distribution limits comprehensive risk assessment. Organizations should monitor for unusual pairing activity and consider enhanced logging for WhatsApp Web sessions.