The Indian Computer Emergency Response Team, or CERT-In, has released an advisory warning WhatsApp users in India about a new cyber threat, nicknamed “GhostPairing,” which might allow attackers to take control of a person’s WhatsApp account without knowing the person’s password or swapping their SIM card.
According to CERT-In, the scam relies on WhatsApp’s link device functionality. Cybercriminals gain unauthorised access to the account by tricking the user into approving their link device request. After that, they can control the account through WhatsApp Web.
What is the GhostPairing scam?
The scam usually begins with the message "Hi, check this photo," from what appears to be a trusted contact. The message has a link that has a Facebook-type preview.
When the victim clicks on the link, it launches a deceptive Facebook viewer that asks the user to "verify" their credentials in order to gain access to the content. The attackers abuse the “link device via phone number” facility available in WhatsApp, which asks users to provide their mobile numbers.
By following these steps, users unwittingly approve the attackers’ device as a linked WhatsApp device. No password is stolen, and no SIM swap occurs.
“In a nutshell, the GhostPairing attack tricks users into granting an attacker’s browser access as an additional trusted and hidden device by using a pairing code that looks authentic,” said CERT-In in the advisory.
What occurs after a WhatsApp account has been hijacked?
Once the attacker’s device is connected, it has the same access as a WhatsApp Web session.
They are then capable of:
Read messages synchronised with their device
Get new messages in real time
View photographs, videos, and voice messages
Send messages from the actual victim's account
Access user messages and group chats
Attackers may use the compromised account to send messages to the victim's contacts and groups, which can spread the scam further.
How can users protect themselves?
CERT-In asked the public to follow some general precautions to avoid being compromised by this scam:
Refrain from clicking links, even if they're sent by trusted sources
Never enter your phone number on any online site that claims a connection with WhatsApp or Facebook.
To check your Linked Devices periodically, you can follow the path below:
WhatsApp > Settings > Linked Devices
Immediately log out of any device you don’t recognise.
Advisory for organisations
For organisations, CERT-In recommends conducting security awareness training focused on threats on messaging applications, keeping a watch on phishing attempts, implementing mobile device management as needed, and preparing response actions for rapid detection and mitigation.