WhatsApp’s Own System Used Against It!

A person holding a smartphone displaying various mobile applications

Cybercriminals are exploiting WhatsApp’s own security features to hijack accounts through a sophisticated “snowballing” scam that spreads through trusted contacts, bypassing traditional security measures entirely.

Story Snapshot

GhostPairing attacks trick users into granting account access through WhatsApp’s legitimate device linking feature
Compromised accounts automatically message contacts with phishing links, creating rapid snowball-effect spread
Meta banned 7 million scam accounts in first half of 2025 as attacks escalate
Attack bypasses passwords and SIM swaps by abusing user trust and platform features

How GhostPairing Exploits WhatsApp’s Own Security

Security researchers at Gen Digital discovered cybercriminals weaponizing WhatsApp’s legitimate device pairing system to steal accounts. Attackers send messages from compromised contacts like “Hey, I just found your photo!” with fake Facebook preview links. When victims click, they’re redirected to proxy pages mimicking WhatsApp’s official device linking process, where entering a numeric code grants attackers complete account control without requiring passwords or SIM card access.

Snowball Effect Creates Unstoppable Spread Pattern

Unlike traditional spam campaigns, GhostPairing leverages personal trust networks for unprecedented efficiency. Once an account is compromised, attackers immediately message the victim’s contacts using established relationships to bypass suspicion. This creates a cascading “snowball effect” where each successful hijacking exponentially increases the attack surface, making detection and containment extremely difficult for both users and platform administrators.

Meta Responds with Massive Account Purge

Facing this escalating threat, Meta banned nearly 7 million WhatsApp accounts linked to scams during the first half of 2025. The company introduced new protections including group addition alerts, enhanced context for unknown contacts, and partnered with OpenAI to combat Cambodia-based scam operations using ChatGPT for sophisticated phishing content. Despite these measures, the GhostPairing campaign continues exploiting the fundamental vulnerability of user trust.

The attack represents a disturbing evolution in cybercrime, where legitimate platform features become weapons against users. Security experts warn this trend undermines the entire foundation of digital communication trust, as even official verification processes can be corrupted. Americans must remain vigilant against these sophisticated social engineering tactics that exploit our natural inclination to trust messages from known contacts.