Cybersecurity researchers have warned WhatsApp users of a newly discovered hacking technique that allows attackers to take over accounts without cracking passwords or breaking end-to-end encryption.

The method exploits WhatsApp’s legitimate “linked devices” feature, enabling criminals to secretly connect their own browser to a victim’s account.

Known as ‘GhostPairing’, the attack begins with a deceptive message that appears to come from a trusted contact. The message typically contains a link claiming to show a photograph of the recipient. To appear authentic, the link preview often mimics Facebook content.

When the victim clicks the link, they are redirected to a fake Facebook login page hosted on a look-alike domain. Instead of verifying credentials, the fraudulent page initiates WhatsApp’s official device-linking process.

Victims are prompted to enter their phone number, which allows attackers to trigger a legitimate pairing request from WhatsApp’s servers.

A pairing code generated by WhatsApp is then displayed on the fake website. The victim is instructed to enter this code into WhatsApp, unknowingly authorizing the addition of a new linked device.

Although WhatsApp displays a notification warning that a new device is being connected, researchers say many users overlook or misunderstand the alert during the process.

Once the pairing is complete, attackers gain real-time access to messages, shared media and conversations. They can also send messages that appear to originate from the victim’s account, enabling further fraud and the spread of the attack to contacts and group chats.

Cybersecurity firm Gen Digital warned that many victims remain unaware that an unauthorized device is connected in the background.

This allows attackers to monitor conversations, collect sensitive information and impersonate victims convincingly.
Researchers note that similar abuse of device-linking features has previously been observed on other messaging platforms.

They stress that the only reliable way to detect such a breach is to manually check the “Linked Devices” section within WhatsApp’s settings. Any unfamiliar device should be removed immediately to secure the account.