Sunday, Jul 12, 2026
English News
  • Hyderabad
  • Telangana
  • AP News
  • India
  • World
  • Entertainment
  • Sport
  • Science and Tech
  • Business
  • Rewind
  • ...
    • NRI
    • View Point
    • cartoon
    • My Space
    • Education Today
    • Reviews
    • Property
    • Lifestyle
E-Paper
  • NRI
  • View Point
  • cartoon
  • My Space
  • Reviews
  • Education Today
  • Property
  • Lifestyle
Home | Business | Indian Cyber Agency Warns Of Whatsapp Ghostpairing Account Hijack

Indian cyber agency warns of WhatsApp ‘GhostPairing’ account hijack

CERT-In has flagged a high-severity WhatsApp vulnerability called GhostPairing, which allows attackers to hijack accounts via the device-linking feature. Cyber criminals can access messages, photos, and videos without passwords or SIM swaps. Users are advised to avoid suspicious links

By PTI
Published Date - 20 December 2025, 06:20 PM
Indian cyber agency warns of WhatsApp ‘GhostPairing’ account hijack
whatsapp facebook twitter telegram

New Delhi: Indian cyber security agency CERT-In has flagged a vulnerability in the WhatsApp “device-linking” feature that enables attackers to take “complete” control of an account, including access to real-time messages, photos, and videos on the web version.

The agency named the issue “GhostPairing” on Friday in an advisory that has been accessed by PTI. “It has been reported that malicious actors are exploiting WhatsApp’s device-linking feature to hijack accounts using pairing codes without authentication requirements.


“This newly identified cyber campaign called GhostPairing enables cyber criminals to take complete control of WhatsApp accounts without needing a password or SIM swaps,” the advisory said.

A response from WhatsApp to the revelation is awaited. The Indian Computer Emergency Response Team (CERT-In) is the national technology arm to combat cyber attacks and guard the Indian Internet space.

The advisory said that the “high” severity attack campaign usually begins with the victim receiving a message like “Hi, check this photo” from a “trusted” contact. The message contains a link with a Facebook-style preview. The link leads to a “fake” Facebook viewer that prompts users to “verify” to see the content. Here, the attackers exploit WhatsApp’s “link device via phone number” feature by tricking unsuspecting users into entering their phone numbers, the advisory said.

This way, the victims “unknowingly” grant the attackers full access to their WhatsApp accounts. The ‘GhostPairing’ attack tricks users into granting an attacker’s browser access, as an additional trusted and hidden device, by using a pairing code that looks authentic.

The advisory said that once the attacker links their device, they get almost the same access as the victim would get on WhatsApp web. They can read messages that sync to their device, receive new messages in real-time, view photos, videos, and voice notes, and they can send messages to the victim’s contacts and group chats, the advisory said.

The agency suggested such counter-measures as not clicking suspicious links even if they come from known contacts and not entering one’s phone number on external sites claiming to be WhatsApp or Facebook.

  • Follow Us :
  • Tags
  • cybersecurity
  • DigitalSafety
  • GhostPairing
  • PhishingAlert

Related News

  • CERT-in warns WhatsApp web, desktop users of large-scale malware campaign

    CERT-in warns WhatsApp web, desktop users of large-scale malware campaign

  • WEF delegation meets Naidu, discusses C4IR roadmap

    WEF delegation meets Naidu, discusses C4IR roadmap

  • CPA Australia survey says Indian small businesses recorded strongest growth since COVID

    CPA Australia survey says Indian small businesses recorded strongest growth since COVID

  • FM flags AI risks, says banks ready for challenges

    FM flags AI risks, says banks ready for challenges

Latest News

  • Andhra: Constable killed, three injured after car rams multiple vehicles in Ongole

    13 mins ago
  • Delivery agent arrested after woman alleges he entered her home and exposed himself

    35 mins ago
  • India’s first bullet train to begin phased operations from August 15, 2027; Hyderabad to get three high-speed rail corridors

    52 mins ago
  • Adityanath launches 35-crore sapling drive in Uttar Pradesh

    1 hour ago
  • Linda Noskova says glimpse of Wimbledon trophies inspired her to win maiden Grand Slam title

    57 mins ago
  • Elle Fanning, Julianne Moore to feature in ‘Moonsong’

    2 hours ago
  • Argentina beat 10-man Switzerland 3-1 after extra time to set up World Cup semi-final against England

    1 hour ago
  • Chandrababu Naidu orders swift repatriation of Andhra Pradesh victims killed in Vietnam boat accident

    2 hours ago

company

  • Home
  • About Us
  • Contact Us
  • Privacy Policy

business

  • Subscribe

telangana today

  • Telangana
  • Hyderabad
  • Latest News
  • Entertainment
  • World
  • Andhra Pradesh
  • Science & Tech
  • Sport

follow us

  • Telangana Today Telangana Today
Telangana Today Telangana Today

© Copyrights 2024 TELANGANA PUBLICATIONS PVT. LTD. All rights reserved. Powered by Veegam