• Home
  • CERT-In Warns of GhostPairing Threat Targeting WhatsApp Users

CERT-In Warns of GhostPairing Threat Targeting WhatsApp Users

December 24, 2025 Current Affairs Today - Latest Current Affairs - 2025-26
CERT-In Warns of GhostPairing Threat Targeting WhatsApp Users

The Indian Computer Emergency Response Team has issued a high-severity advisory warning of an active cyber threat campaign targeting WhatsApp users across India. The attack, known as GhostPairing, enables cybercriminals to hijack WhatsApp accounts without passwords or SIM swaps, raising fresh concerns over messaging platform security amid rising digital fraud.

How the GhostPairing Attack Works

According to Indian Computer Emergency Response Team, GhostPairing exploits WhatsApp’s multi-device feature. The attack tricks users into entering a legitimate-looking pairing code, unknowingly granting an attacker’s browser access as a hidden, trusted device. Once linked, the attacker gains full control of the victim’s WhatsApp Web session without triggering alerts on the primary phone.

Phishing Tactics Used by Threat Actors

The campaign typically begins with a message appearing to come from a trusted contact, often saying “Hi, check this photo.” The message contains a link with a Facebook-style preview that redirects users to a fake viewer page. Victims are then prompted to “verify” by entering their phone number and a code. CERT-In noted that this seemingly harmless process results in complete account takeover, without any SIM compromise.

Policy Context and Regulatory Response

The advisory follows a recent directive by the Department of Telecommunications mandating continuous SIM binding for messaging platforms such as WhatsApp, Signal and Telegram. The move aims to curb account hijacking and digital fraud by ensuring messaging apps remain accessible only on devices with active linked SIMs. However, the directive has drawn criticism from privacy advocates and legal experts over usability and privacy concerns.

Imporatnt Facts for Exams

  • CERT-In is India’s nodal agency for cybersecurity incident response.
  • GhostPairing exploits WhatsApp’s linked device feature.
  • The DoT has mandated continuous SIM binding for messaging apps.
  • Account hijacking is a key driver of digital fraud in India.

Advisory Measures for Users and Organisations

CERT-In has urged users to avoid clicking suspicious links even from known contacts and to never enter phone numbers or codes on external websites. Users are advised to regularly check the ‘Linked Devices’ section in WhatsApp settings and immediately log out of any unfamiliar sessions. For organisations, the advisory recommends security awareness training, phishing monitoring, and rapid incident response protocols to mitigate risks from messaging-based social engineering attacks.

Related
Senegal Declared Free of Trachoma by WHO Senegal Declared Free of Trachoma by WHO
Comet SWAN: A Visitor From Outer Solar System Comet SWAN: A Visitor From Outer Solar System
Himalayan Climate Risks 2025 Himalayan Climate Risks 2025
Higher Education Bill Brings IITs, IIMs Under Single Regulator Higher Education Bill Brings IITs, IIMs Under Single Regulator
National Medical Commission Guidelines on Live Surgery Broadcasts National Medical Commission Guidelines on Live Surgery Broadcasts
Uttar Pradesh to Create Kalyan Singh Nagar, Its 76th District Uttar Pradesh to Create Kalyan Singh Nagar, Its 76th District

Leave a Reply

Your email address will not be published. Required fields are marked *