New ‘GhostPairing’ attack exposes WhatsApp chats and media

Staying vigilant and verifying every request can help prevent unauthorised access and protect personal data
Pareesa Afreen Pareesa Afreen - Pareesa Afreen Dec 20, 2025
An undated image. — Unsplash

An undated image. — Unsplash 

Security researchers have warned of a new cyber threat targeting WhatsApp users that allows attackers to take over accounts without needing a password. 

The attack, known as GhostPairing, was recently identified by researchers at Gen Digital and exploits WhatsApp’s legitimate device-linking feature to gain full access to private chats and media.

How does GhostPairing scam works?

Most of these attacks start with a message from a known contact, whose account has already been compromised. They commonly include very vague text, for example, "I just found your photo," attached to a link. 

When this link is opened, it appears to be some sort of preview for a Facebook post, but it actually redirects users to a phishing site.

Once there, the target would be requested to input their phone number, on the pretext of verification. The attackers then start the official device-pairing procedure on WhatsApp and send the victim a numeric code or QR code, which users are instructed to enter or scan inside the app. 

In such a case, users inadvertently attach the attacker's device to their WhatsApp account.

What can attacker access your WhatsApp?

After pairing is done, criminals get complete access to a WhatsApp account that belongs to the victim: reading past conversations, viewing shared photos and videos, and sending messages while pretending to be the user. 

Attackers then use the compromised account to commit fraud, extort money, or spread the scam further among contacts. Sometimes, such an access can remain unnoticed for months.

How to stay protected from hackers?

Users are advised to be aware of unsolicited links that appear to come from known contacts. It is very essential to check URLs of websites carefully, as GhostPairing scams often use domains similar to legitimate platforms.

WhatsApp users can review active connections by navigating to Settings > Linked Devices. Any unfamiliar devices should be removed immediately.

WhatsApp also sends alerts when a new device attempts to link to an account, and experts stress the importance of reading these prompts carefully before entering any codes.


Top 5 digital scams targeting Pakistan in 2025
Top 5 digital scams targeting Pakistan in 2025
Islamabad IT park, to be completed by late February
Islamabad IT park, to be completed by late February
PM Cloud Program launches to cut cloud costs for Pakistani startups
PM Cloud Program launches to cut cloud costs for Pakistani startups
NCCIA warns public of rising digital fraud cases
NCCIA warns public of rising digital fraud cases
Pakistan to launch its first council focused on digital businesses
Pakistan to launch its first council focused on digital businesses
Wi-Fi still slow at home? Experts reveal best spot for your router
Wi-Fi still slow at home? Experts reveal best spot for your router
Is govt planning to ban X in Pakistan? Here’s what you should know
Is govt planning to ban X in Pakistan? Here’s what you should know
Google and NextEra expand partnership to power AI-scale data centres
Google and NextEra expand partnership to power AI-scale data centres
CCTV and biometric systems rolled out for BISE Rawalpindi exams
CCTV and biometric systems rolled out for BISE Rawalpindi exams
Sindh to review e-challan fines, forms committee over public complaints
Sindh to review e-challan fines, forms committee over public complaints
Punjab govt introduces free Wi-Fi in girls colleges
Punjab govt introduces free Wi-Fi in girls colleges
Punjab to introduce digital exam system across all boards of education
Punjab to introduce digital exam system across all boards of education

COPYRIGHT © 2025 GADiNSiDER, All Rights Reserved | Contact Us