Updated 25 December 2025 at 20:58 IST
WhatsApp ‘Ghost Pairing’ Scam Is Spreading: How Hackers Can Quietly Read Your Chats
WhatsApp allows users to connect to WhatsApp Web or the desktop app by linking additional devices, but hackers are now exploiting this functionality.

A new WhatsApp scam dubbed “GhostPairing” is spreading by abusing the app’s legitimate “Linked devices” feature, letting criminals attach their own browser or desktop session to a victim’s account without stealing a password or swapping a SIM. Once the attacker’s device is linked, they can monitor chats and download media while the victim continues using WhatsApp normally, making the compromise hard to spot.
What “ghost pairing” actually means
WhatsApp allows users to connect to WhatsApp Web or the desktop app by linking additional devices. The system is meant to be secure because it requires the account owner to approve the link, either by scanning a QR code or entering a numeric pairing code.
GhostPairing flips that convenience into a weapon: attackers trick users into completing the approval step themselves, unintentionally registering the attacker’s browser as a trusted linked device.
How the scam works (step-by-step)
Researchers describe two main variants, with the numeric-code flow now preferred because it works even when the victim and the scam page are on the same phone.
Step 1: A message from a known contact. Victims often receive a short lure such as “Hey, I just found your photo!”—frequently from someone they already know, because that account may already be compromised.
Step 2: A fake “viewer” page. The link opens a minimal webpage (often styled like Facebook) that asks the victim to “continue” or “verify” to view the supposed photo.
Step 3: The attacker triggers WhatsApp’s real linking process. The scam page asks for the victim’s phone number and forwards it to WhatsApp’s legitimate “link device via phone number” flow, which then generates a pairing code.
Step 4: The victim is told to enter the code in WhatsApp. The victim sees a genuine pairing prompt in WhatsApp, enters the code, and unknowingly links the attacker’s browser as a new device.
After that, the attacker’s session behaves like WhatsApp Web: it can view synced conversations, receive new messages, and download photos, videos, and voice notes.
What data attackers can access
Once a malicious device is linked, attackers can gain ongoing access to chats and media and can impersonate the victim to scam contacts, spreading the same lure further. The key point: end-to-end encryption isn’t “broken” here—users are manipulated into inviting the attacker in as an authorised device.
How to protect your WhatsApp account
These steps reduce the risk significantly:
- Never enter a pairing code to “view a photo” or “verify your account.” Pairing codes are specifically for linking WhatsApp Web/desktop sessions.
- Check Linked Devices regularly: WhatsApp > Settings > Linked devices, and remove anything unfamiliar. Researchers note that access can persist until the victim manually revokes the linked session.
- Enable Two-step verification in WhatsApp settings for an extra layer of account protection.
- Treat unexpected links from friends as suspicious, especially short messages pushing urgency or curiosity (“found your photo,” “is this you?”).
- If an unknown device is already linked, remove it immediately and notify contacts that your account may have been compromised so they don’t fall for follow-on messages.
Published By: Shubham Verma
Published On: 25 December 2025 at 20:58 IST