Indian cyber security agency CERT-In has flagged a vulnerability in WhatsApp’s device-linking feature that allows attackers to gain “complete” control of user accounts, including access to real-time messages, photos and videos on the web version. In an advisory issued on Friday and accessed by PTI, the Indian Computer Emergency Response Team named the issue “GhostPairing”. ADVERTISEMENT“It has been reported that malicious actors are exploiting WhatsApp's device-linking feature to hijack accounts using pairing codes without authentication requirement,” the agency said. “This newly identified cyber campaign called GhostPairing enable cyber criminals to take complete control of WhatsApp accounts without needing password or SIM swaps,” the advisory said. During this process, attackers exploit WhatsApp’s “link device via phone number” feature by tricking users into entering their phone numbers on the fraudulent site.

Source: The Telegraph December 20, 2025 13:16 UTC