It often starts with a message that feels completely normal. A quick “Hi, check this photo” from someone you know. Nothing suspicious, nothing urgent. Just another link in a WhatsApp chat. But according to India’s cyber security agency, that one click could be enough to quietly hand over control of your WhatsApp account to a cyber criminal.
India’s national cyber response body, CERT-In, has flagged a serious security issue in WhatsApp that attackers are already exploiting. The vulnerability, called “GhostPairing,” targets WhatsApp’s device-linking feature and allows criminals to access a user’s account without needing a password, an OTP, or even a SIM swap.
The attack works by taking advantage of how people normally use WhatsApp Web. After clicking on the link, users are redirected to a fake website that looks like a familiar Facebook-style media viewer. To see the photo or video, the site asks users to “verify” themselves. During this step, victims are asked to enter their phone number, believing it is part of a routine check.
What users don’t realise is that this action allows attackers to secretly link their own browser to the victim’s WhatsApp account using a pairing code that looks legitimate. Once linked, the attacker’s device becomes a hidden, trusted device on WhatsApp Web.
From there, the access is deep. Attackers can read synced messages, receive new messages in real time, view photos and videos, listen to voice notes, and even send messages to the victim’s contacts and group chats. To friends and family, those messages appear to be coming from the real user, making the takeover even harder to detect.
CERT-In has classified the GhostPairing campaign as high severity, warning that it gives cyber criminals near-complete control of affected accounts. What makes it especially dangerous is how quietly it happens. There are no dramatic alerts, no obvious signs of hacking, and no immediate lockout for the real user.
The agency has urged WhatsApp users to slow down and stay alert online. Even messages from trusted contacts should be treated with caution if they include unexpected links. Users are also advised to avoid entering their phone numbers on websites claiming to be connected to WhatsApp or Facebook.
WhatsApp has not yet issued a public response to the advisory. Until then, experts say a simple habit can help: regularly checking the “linked devices” section in WhatsApp and removing anything unfamiliar. In an age where attacks blend seamlessly into everyday chats, a moment of caution can make all the difference.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
