Published on: December 22, 2025

GHOSTPAIRING

NEWS

  • Indian Computer Emergency Response Team (CERT-In) issued a High Severity advisory (December 19, 2025) warning WhatsApp users about a new account takeover technique called GhostPairing.
  • The attack enables complete hijacking of WhatsApp accounts without passwords or SIM swaps, raising serious concerns over digital fraud and privacy.

HIGHLIGHTS

What is GhostPairing?

  • GhostPairing exploits WhatsApp’s Linked Devices feature, which lets a companion device be paired to an account via a pairing code.
  • Cybercriminals trick users into authorising a malicious device as a trusted companion device.
  • Once linked, attackers gain:
    • Real-time access to chats
    • Ability to send/receive messages
    • Access to media and voice notes
  • Crucially, no OTP theft, password hacking, or SIM cloning is required.

Modus Operandi (How the Attack Works)

  • Victim receives a message from a known contact saying: “Hi, check this photo”.
  • The link:
    • Mimics a Facebook-style preview
    • Redirects to a fake verification page
  • Users are prompted to:
    • Enter phone number
    • Enter a pairing code
  • This code secretly links the attacker’s device to the victim’s WhatsApp account.

Why This is a Serious Threat

  • WhatsApp currently allows multiple linked devices.
  • Attackers can impersonate victims to:
    • Scam contacts
    • Spread malware
    • Commit financial fraud
  • CERT-In notes this is part of a transnational cybercrime trend, earlier flagged by the Indian Cybercrime Coordination Centre (I4C).

Policy Context: SIM-Binding Directive

  • The Department of Telecommunications (DoT) has ordered continuous SIM-binding for messaging apps.
  • Objective: Reduce account hijacking and digital fraud.
  • Concerns raised:
    • Privacy risks
    • Multi-device usability issues
    • Technical implementation hurdles

CERT-In Recommendations

For Users

  • Avoid clicking suspicious links—even from known contacts.
  • Never enter phone numbers or codes on external sites.
  • Regularly check Settings → Linked Devices and log out unknown sessions.

For Organisations

  • Conduct messaging-app security training.
  • Monitor phishing indicators.
  • Implement Mobile Device Management (MDM).