GhostPairing

• 22 Dec 2025

On 22nd December 2025, the Ministry of Electronics and Information Technology issued advisory warning citizens about a cyber-campaign named GhostPairing that is being used to hijack WhatsApp accounts.

• The advisory was issued by the Ministry of Electronics and Information Technology after detecting a rise in cyber incidents linked to a campaign exploiting WhatsApp’s device-linking feature.
• The cyber campaign, known as GhostPairing, allows attackers to gain unauthorised access to WhatsApp accounts by misusing pairing codes without requiring traditional authentication.
• The attack typically begins when victims receive a seemingly harmless message such as “Hi, check this photo” from a trusted contact, making the message appear legitimate.
• The message contains a malicious link with a Facebook-style preview, which redirects users to a fake verification process that asks for their phone number.
• Once the phone number is entered, attackers are able to link their own device to the victim’s account, granting them full access to WhatsApp without password theft or SIM swapping.
• The Ministry noted that this method allows cybercriminals to take complete control of accounts, including chats and contacts, without alerting the victim immediately.