GhostPairing Account Hijacking — How to Identify & Stay Safe

Severity: CRITICAL

GhostPairing Account Hijacking: The New Threat to Indian WhatsApp Users (2025)

In early 2025, the Indian Computer Emergency Response Team (CERT-In) issued a high-severity warning about a new exploit known as GhostPairing. The technique lets cybercriminals hijack WhatsApp accounts without intercepting the SMS OTP (One-Time Password) that traditional account-takeover scams depend on.

As India remains one of the largest markets for WhatsApp, this phishing-based hijacking method poses a massive risk to personal privacy and national security.

What is GhostPairing Account Hijacking?

GhostPairing is a sophisticated phishing attack that exploits the "Link a Device" feature of WhatsApp. Unlike traditional scams that try to steal your SMS OTP, GhostPairing tricks the user into manually initiating a device pairing session with the attacker's computer. Once paired, the attacker has full access to your chats, contacts, and media in real time, often without you even realizing your account is compromised.

How does the GhostPairing Scam work?

1. The Lure: You receive a message or see an ad for a third-party service—perhaps a tool to "see who visited your profile," "WhatsApp Gold," or "recover deleted messages."

2. The Data Entry: The malicious website asks you to enter your WhatsApp phone number to "connect" the service.

3. The Trigger: Behind the scenes, the attacker’s server uses your number to request a "Pair with Phone Number" code from the official WhatsApp Web interface.

4. The Social Engineering: You receive a notification on your phone: "Enter this code to link a new device." The attacker, through the fake website, instructs you to enter this code into your WhatsApp settings to activate the promised premium features.

5. The Hijack: The moment you enter that code, the attacker’s browser is linked to your account. They now have a mirror of your WhatsApp on their server.

Why is this Severity Critical?

This scam is rated 'Critical' because it bypasses the psychological safety net of the OTP. Most users are trained not to share an SMS OTP, but they may not be as cautious about a "Pairing Code" requested by a website they believe is legitimate. Furthermore, because device linking is an official WhatsApp feature used exactly as designed, there is no malware for antivirus software to detect, so the intrusion usually goes unnoticed.

Red Flags to Watch Out For

* Unsolicited Pairing Notifications: If your phone suddenly shows a WhatsApp pairing code that you didn't request, an attacker is trying to link to your account.

* Third-party 'Social' Tools: Any website that requires your WhatsApp number to provide "extra" social features is high risk.

* Messages from Unknown Numbers: Links promising "WhatsApp Premium" or "Enhanced Privacy Mode" are almost always phishing attempts.
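The red flags above can be turned into a simple message-triage heuristic. The following Python script is an added example written for this page; it is not part of the original advisory and not a BharatSecure or WhatsApp tool. The lure patterns, weights, threshold, the illustrative allowlist of official hosts, and the three sample messages are all constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Lure phrases encode the red flags listed on this page. The regexes,
# weights and threshold are illustrative choices for this example only.
LURE_PATTERNS = {
    "fake premium feature": re.compile(
        r"\b(whatsapp\s+(gold|premium|plus)|enhanced\s+privacy\s+mode|"
        r"see\s+who\s+visited|recover\s+deleted\s+messages)\b", re.I),
    "asks for your WhatsApp number": re.compile(
        r"\b(enter|share|submit)\s+(your\s+)?(whatsapp\s+)?(phone\s+)?number\b", re.I),
    "asks you to enter a pairing/link code": re.compile(
        r"\b(enter|type|use)\s+(this|the)\s+(pairing|link(ing)?|device)?\s*code\b", re.I),
    "refers to linking a device": re.compile(
        r"\blink(ed)?\s+(a\s+)?(new\s+)?device", re.I),
}

# Entering a code is the step that actually hands over the account, so it
# carries the highest weight; a bare mention of linked devices is weak on its own.
WEIGHTS = {
    "fake premium feature": 2,
    "asks for your WhatsApp number": 2,
    "asks you to enter a pairing/link code": 3,
    "refers to linking a device": 1,
}

URL_RE = re.compile(r"https?://([^/\s]+)", re.I)
OFFICIAL_DOMAINS = {"whatsapp.com"}  # illustrative allowlist, extend as needed
SUSPICIOUS_THRESHOLD = 3


@dataclass
class Verdict:
    score: int
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.score >= SUSPICIOUS_THRESHOLD


def _is_official(host: str) -> bool:
    """True if host is an allowlisted domain or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def triage(message: str) -> Verdict:
    """Score a message against the GhostPairing red flags and explain why."""
    verdict = Verdict(score=0)
    for label, pattern in LURE_PATTERNS.items():
        if pattern.search(message):
            verdict.score += WEIGHTS[label]
            verdict.reasons.append(label)
    # Any link that is not on an official WhatsApp host is a weak extra signal.
    for host in URL_RE.findall(message):
        if not _is_official(host):
            verdict.score += 1
            verdict.reasons.append(f"link to non-official host {host}")
    return verdict


# Constructed sample messages: one GhostPairing-style lure, one harmless chat,
# one benign message that only mentions linked devices.
SAMPLES = [
    "Unlock WhatsApp Gold today! Enter your WhatsApp number at "
    "http://wa-gold-premium.example to connect, then enter this code in "
    "Linked Devices to activate.",
    "Hi, are we still meeting at 6? Send me the address.",
    "Team update: the new device policy is at https://www.whatsapp.com - "
    "check your linked devices this week.",
]

if __name__ == "__main__":
    for text in SAMPLES:
        v = triage(text)
        flag = "SUSPICIOUS" if v.suspicious else "ok"
        print(f"[{flag}] score={v.score} reasons={v.reasons}")
        print(f"    {text[:70]}")
```

The script is deliberately explainable: every point of the score maps to one red flag from the list, so a user (or a support desk) can see which wording triggered the verdict rather than trusting an opaque label.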

How to Protect Your WhatsApp Account

1. Enable Two-Step Verification (2FA): This adds a PIN to your account. Even if a device is paired, certain actions will require this PIN.

2. Audit Linked Devices: Go to WhatsApp Settings > Linked Devices regularly. If you see a device you don't recognize (e.g., "Chrome on Linux" or "MacOS"), log it out immediately.

3. Never Use Phone-Number Pairing for Third Parties: Only use the QR code scanning method, and only on your own trusted personal computer.

4. Use BharatSecure: Always verify suspicious links at bharatsecure.app before interacting with them.

FAQ: GhostPairing Hijacking in India

What is GhostPairing Account Hijacking?

It is a phishing method where attackers use the 'Link with Phone Number' feature of WhatsApp to gain access to a victim's account without needing an SMS OTP.

How does it work?

Attackers trick victims into entering their phone numbers on fake websites. These websites then trigger a real WhatsApp pairing request. The victim, thinking they are activating a service, confirms the pairing, giving the attacker full access.

How do I protect my account?

Never enter your phone number on external sites for WhatsApp-related features. Enable Two-Step Verification in your settings and regularly check your 'Linked Devices' list for unauthorized sessions.

How do I report this scam in India?

If you have been a victim, immediately log out all linked devices. Report the incident on the National Cyber Crime Reporting Portal at cybercrime.gov.in or call the helpline at 1930.

Conclusion

Cybercriminals are constantly evolving. The GhostPairing vulnerability proves that even without an OTP, your account is at risk if you are not vigilant. Stay safe by sticking to official apps and verifying every link you receive.

Check any suspicious message for free at [bharatsecure.app](https://bharatsecure.app).
