Security Alert: New Digital Attacks Target WhatsApp Users Through “Link Devices” Scam

Cybersecurity specialists have revealed a new wave of digital attacks targeting WhatsApp users, without the need to breach the end-to-end encryption system relied upon by the app. These attacks depend on a smart exploitation of legitimate features within the platform, especially the "Linked Devices" feature, making the user themselves part of the hacking process without realizing it.

Mechanism of the Hack
According to researchers at Avast, a company specializing in information security, the new attack is known as GhostPairing. This method involves tricking the user into linking their WhatsApp account to an external device controlled by the attacker. Once the linking process is completed, the hacker gains full permissions enabling them to view private messages, photos, videos, and voice notes, as if they were the legitimate owner of the account.

The Beginning of the Trick
The process usually starts with a message sent to the victim from a seemingly trustworthy source, often containing a link claiming to show an image or attractive content. When clicking on the link, the user is redirected to a fake login page mimicking the Facebook interface, where they are asked to enter their phone number under the pretext of verification or to continue accessing the content.

The Most Dangerous Step
Instead of displaying the promised content, the fake page exploits the "Linked Devices" feature in WhatsApp by showing a code that the user is asked to enter within the app. Once this step is completed, the account is linked to the attacker’s device without the victim’s knowledge, and without needing a password or additional credentials.
After taking control of the account, the hacker exploits the victim’s contacts’ trust to send similar fraudulent messages, contributing to expanding the scope of the attack and hacking other accounts in a sequential and rapid manner.

Experts’ Warning
In this context, Luis Corons, a cybersecurity expert at Avast, explained that this type of attack reflects a clear shift in cybercrime methods. He said, “Fraudsters no longer focus solely on breaking technical systems, but increasingly rely on exploiting users’ trust and pushing them to grant permissions themselves.”
Corons added that attackers exploit tools familiar to users, such as QR codes and device linking requests, which seem like routine procedures but can be used to open serious security vulnerabilities.

Preventive Measures to Protect the Account
Avast urged WhatsApp users to regularly review the list of devices linked to their accounts by going to the app settings and then the "Linked Devices" section, deleting any unknown device immediately. They also emphasized the importance of ignoring suspicious links and not entering codes or data on untrusted pages.

Summary and Final Warning
Corons concluded by stressing that the rapid development in digital fraud methods requires technology companies to reconsider authentication and verification mechanisms, so they do not rely solely on assuming the user’s good faith, but also take into account the possibility of deceiving them into taking steps that could turn trust in modern technologies into an exploitable security vulnerability.