A new technique named GhostPairing has emerged, specifically designed to hijack WhatsApp accounts. This method exploits certain functionalities to gain unauthorized access to user accounts, posing a serious threat to privacy and security for millions of users.

How GhostPairing Compromises Accounts

GhostPairing works by effectively creating a ‘ghost’ or unauthorized linked device session for a WhatsApp account. This allows attackers to mirror the victim’s WhatsApp activity, including reading messages, sending messages, and accessing contacts, all without the victim’s explicit knowledge or consent after the initial compromise.

Protecting Against WhatsApp Account Hijacks

The existence of methods like GhostPairing underscores the importance of robust security practices for messaging applications. Users should remain cautious about suspicious links or activities that could lead to account compromise. Enabling two-factor authentication (2FA) and regularly reviewing linked devices within WhatsApp settings are critical steps to prevent such hijacking attempts. The threat was reported in December 2025.

Source: https://www.malwarebytes.com/blog/news/2025/12/the-ghosts-of-whatsapp-how-ghostpairing-hijacks-accounts