A new WhatsApp scam, called GhostPairing, has begun to quietly unsettle cybersecurity researchers as the attack somehow evades the app's most common security measures. These safety methods include one-time passwords and ‘SIM swap’ protections.
Unlike traditional WhatsApp hijacking techniques, which steal one-time passwords or copy SIM card information, GhostPairing exploits a less-documented, perfectly legitimate feature: WhatsApp’s ‘Linked Devices’ option.
The feature lets an individual connect their number to several devices, such as a computer or a tablet, without the phone needing to be connected to the internet. Linking a device involves scanning a quick response (QR) code with the main phone.
The attackers, who use the GhostPairing malware, trick their victims into accepting the connection.
The most common way to launch this fraud is through a social engineering attack, in which the attacker poses as WhatsApp support, a firm's HR department, a delivery service, or even a friend. The target is asked to authenticate something or resolve an account issue, and is then asked to scan a given QR code.
By scanning the QR code, the attacker’s device connects to the victim’s WhatsApp account.
No OTP is stolen and no SIM is swapped. The victim’s WhatsApp remains active, so the incident is difficult to detect.
Once GhostPairing succeeds, the attackers can:
Read incoming and outgoing messages in real time.
Access media files, documents, or shared links.
Impersonate the victim to scam contacts.
Listen to conversations without being noticed.
Since the original user is not logged out, many victims do not discover the problem until suspicious messages from their own friends and money-transfer requests bring it to their attention.
Why GhostPairing Evades Traditional WhatsApp Security Alerts
Technologists point out that the problem with GhostPairing is that it never triggers the warnings expected in other scenarios, such as OTP notifications and SIM network issues. Two-step verification might not block the attack if the user scans the QR code knowingly.
“Users trust QR codes too readily,” said a digital safety analyst. “It is this trust that the GhostPairing method exploits.”
To avoid GhostPairing scams:
Never scan the QR codes sent to you via messages or emails.
Check Linked Devices in WhatsApp Settings regularly.
Enable two-step verification using a strong PIN.
Log out of any other linked devices immediately.
Be wary of last-minute verification requests.
WhatsApp has also acknowledged more abuse of the ‘Linked Devices’ feature and continues to warn users not to scan QR codes from unknown sources. GhostPairing is a good reminder that convenient features can become backdoors when they are combined with human trust and turned toward a harmful goal. Just staying alert could be the best safety feature.