GhostPairing

Threat actors are abusing the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes in a campaign dubbed GhostPairing. This type of attack does not require any authentication, as the victim is tricked into linking the attacker’s browser to a WhatsApp device. By doing so, threat actors gain access to the full conversation history and […]