A serious new cybersecurity threat has put millions of WhatsApp users in India at risk. The Indian government’s cybersecurity watchdog, CERT-In, has issued a high-risk alert warning about a hacking technique called Ghost-Pairing, which allows fraudsters to take control of a WhatsApp account without needing an OTP or password.
What makes this threat especially dangerous is its silence. Victims often don’t realise anything is wrong while attackers quietly read chats, monitor messages in real time, and even change account settings.
What is the Ghost-Pairing attack?
Ghost-Pairing exploits WhatsApp’s Linked Devices feature, commonly used for WhatsApp Web on laptops and desktops.
According to CERT-In, scammers trick users into clicking malicious links sent via chat. These messages are designed to trigger curiosity or panic, often saying things like “I found your photo on Facebook, is this you?” or “Someone shared your video”.
Read more :- Gujarat Police recruitment 2025: Registration closes tomorrow for 13,591 posts; apply before 11:59 PM
Once the link is clicked, a hidden script runs in the background and secretly links the attacker’s device to the victim’s WhatsApp account. Shockingly, this happens without asking for OTP, password, or user permission.
How hackers gain full access quietly
After the attack, the hacker’s system gets registered as a trusted linked device. From that point on, attackers can:
- Read old chats and incoming messages in real time
- Monitor personal conversations without alerts
- Access media files and contact information
- Change WhatsApp settings or misuse the account
CERT-In notes that users usually receive no notification, making the breach hard to detect unless checked manually.
Why WhatsApp Web users are most vulnerable
The attack mainly targets people who frequently use WhatsApp Web on shared or personal computers. A single careless click on a suspicious link is enough to compromise the account.
Because Linked Devices are meant to sync silently across platforms, attackers misuse this feature to stay connected without raising suspicion.
How to protect your WhatsApp account right now
CERT-In has categorised Ghost-Pairing as a high-risk cyber threat and urges users to take immediate precautions:
- Never click suspicious links, even if they come from known contacts
- Check Linked Devices regularly in WhatsApp Settings
- If you see an unfamiliar device, log it out immediately
- Enable Two-Step Verification for an added security layer
- Avoid websites claiming to show private photos or videos
Remember, WhatsApp never asks users to link devices through external websites or random links.
Read more :- Ather electric scooters to get costlier from January 1: Here’s what buyers should know
Stay alert, stay safe
Cybercriminals rely heavily on human emotions like curiosity and fear. Messages that push urgency or intrigue are often traps. CERT-In advises users to pause, verify, and think before clicking anything unfamiliar.
In today’s digital world, a moment of caution can save months of trouble. Staying alert is still the strongest defence against evolving cyber threats.
