The Union Ministry of Electronics and Information Technology (MeitY) issued an advisory warning citizens about a cyber campaign named “GhostPairing”.
- The campaign is being used to hijack WhatsApp accounts.
Modus Operandi
- Attackers exploit WhatsApp’s device-linking feature.
- Accounts are hijacked using pairing codes, without requiring authentication.
- No password theft or SIM swapping is involved.
How the Attack Begins
- Victims typically receive a message like “Hi, check this photo” from a trusted contact.
- The message contains a malicious link with a Facebook-style preview.
- Clicking the link leads to a verification process asking for the victim’s phone number.
Impact on Users
- Once the process is completed:
- Attackers gain full access to the victim’s WhatsApp account.
- They can further propagate the attack by sending similar messages to contacts.
Government Advisory to Citizens
- Do not click on suspicious or unsolicited links, even if received from known contacts.
- Never enter your phone number on external or unverified websites.
- Regularly check linked devices in WhatsApp settings and remove unknown devices.
- Remain alert and do not fall for social engineering traps.
![](https://www.gstimes.in/wp-content/uploads/2024/03/MARCH-2024-GS-TIMES-1ADD.jpg")
