GHOSTPAIRING ATTACK
Why in News?
- The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity advisory warning Indian users about a new cyber-attack method called GhostPairing.
- The advisory was issued on December 19, 2025.
- The attack targets WhatsApp users and allows cybercriminals to take over accounts without passwords or SIM swaps.
WHAT IS GHOSTPAIRING?
- GhostPairing is a new technique used to hijack WhatsApp accounts.
- It exploits WhatsApp’s device-linking feature, which allows users to access chats on browsers, laptops, or tablets.
- The attack tricks users into linking an attacker’s device as a trusted hidden device.
- Once linked, attackers gain full control of the WhatsApp account.
WHY GHOSTPAIRING IS DANGEROUS?
- The attack does not require stealing passwords.
- The attack does not require SIM swapping.
- Victims unknowingly approve access by entering pairing codes that appear legitimate.
- This makes the attack difficult to detect.
BACKGROUND: DEVICE LINKING IN WHATSAPP?
- WhatsApp allows users to link multiple devices to a single account.
- Users can link devices by:
- Scanning a QR code, or
- Entering a pairing code displayed on the device.
- Currently, there is no strict limit on the number of devices linked to an account.
- GhostPairing exploits this feature.
MODUS OPERANDI OF THE GHOSTPAIRING ATTACK
- The attack usually begins with a message from a trusted contact saying, “Hi, check this photo.”
- The message contains a malicious link with a Facebook-style preview.
- The link opens a fake Facebook content viewer.
- The fake page asks the victim to verify in order to view the content.
- Victims are then prompted to enter:
- Their phone number, and
- A pairing or verification code.
- By doing this, victims unknowingly link the attacker’s device to their WhatsApp account.
WHAT HAPPENS AFTER ACCOUNT TAKEOVER?
- Once the attacker’s device is linked, cybercriminals can:
- Read all existing chats.
- Receive new messages in real time.
- Access photos, videos, and voice notes.
- Impersonate the victim.
- Attackers can send messages to the victim’s contacts and group chats.
- This can lead to financial fraud, misinformation, and social engineering scams.
LINK WITH GOVT. SIM BINDING DIRECTIVE
- CERT-In’s advisory comes after a Department of Telecommunications (DoT)
- The DoT ordered messaging platforms like WhatsApp, Signal, and Telegram to implement continuous SIM binding.
- Under this rule:
- Users cannot access accounts on devices without the registered SIM.
- WhatsApp Web sessions will be logged out every six hours.
- Users will need to re-link devices using QR codes.
- The aim is to curb account hijacking and digital fraud.
CONCERNS AROUND SIM BINDING
- Digital rights advocates argue that continuous SIM binding may:
- Affect user privacy.
- Complicate multi-device usage, especially for professionals.
- Cybersecurity experts have pointed out technical challenges in implementation.
RELATED CYBERCRIME TRENDS IN INDIA
- In October 2025, the Indian Cybercrime Coordination Centre (I4C) identified a transnational scam trend.
- Scammers used Facebook and Instagram ads to trick users into linking WhatsApp accounts.
- GhostPairing fits into this broader pattern of social-engineering-based account hijacking.
CERT IN’S SAFETY RECOMMENDATIONS
- Users should avoid clicking suspicious links, even if they are sent by known contacts.
- Users should never enter phone numbers or verification codes on external websites.
- Users should regularly check Linked Devices in WhatsApp settings.
- If an unknown device is found, users should log out immediately.
SAFETY RECOMMENDATIONS FOR ORGANISATIONS
- Organisations using WhatsApp should provide cybersecurity awareness training.
- They should enforce mobile device management (MDM) policies where possible.
- They should monitor for signs of phishing and social engineering attacks.
- Clear protocols should be established for rapid response and remediation.
SIGNIFICANCE FOR CYBERSECURITY GOVERNANCE
- The GhostPairing attack highlights the evolving sophistication of cyber threats.
- It underscores the importance of user awareness, platform security, and regulatory oversight.
- The advisory reflects CERT-In’s role in early warning and national cyber resilience.
Note: Connect with Vajirao & Reddy Institute to keep yourself updated with latest UPSC Current Affairs in English.
Note: We upload Current Affairs Except Sunday.
The post GHOSTPAIRING ATTACK appeared first on Vajirao IAS.