Threat actors are abusing the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes in a campaign dubbed GhostPairing.

This type of attack does not require any authentication, as the victim is tricked into linking the attacker’s browser to a WhatsApp device.

By doing so, threat actors gain access to the full conversation history and shared media, and may leverage information to impersonate users or commit fraud.