WhatsApp device linking abused in account hijacking attacks

Threat actors are exploiting a legitimate WhatsApp device-linking feature to hijack accounts through a campaign called GhostPairing, which tricks victims into linking an attacker’s browser to their WhatsApp account without requiring authentication. This allows attackers to access conversation history and shared media and to impersonate users; the only way to detect it is a manual check in the device settings.

Edward Kiledjian @ekiledjian