New Delhi: India’s national cybersecurity agency, the Indian Computer Emergency Response Team (CERT-In), has issued a high-severity alert warning WhatsApp users of an active account takeover campaign using a new technique known as “GhostPairing,” in an advisory released on December 19.
CERT-In said cybercriminals are exploiting WhatsApp’s device-linking feature to gain unauthorised access to user accounts without the need for passwords or SIM card swaps, as reported by The Indian Express. The attackers, the agency warned, deceive users into entering pairing codes, which silently grants control of the account to a malicious device.
According to CERT-In, the GhostPairing method works by tricking victims into approving an attacker’s browser as a trusted linked device. The advisory said, “The attack manipulates users into granting access through a pairing code that appears legitimate.” It further added that once access is granted, attackers can fully operate the account through WhatsApp Web.
Last month, the Department of Telecommunications directed messaging platforms such as WhatsApp, Signal and Telegram to implement continuous SIM binding, which requires accounts to remain linked to an active SIM card. As part of this directive, companion web sessions are expected to be logged out periodically and re-authenticated using QR codes.
CERT-In said the GhostPairing campaign typically begins with a message appearing to come from a trusted contact, often reading, “Hi, check this photo”. The message contains a link designed to mimic a Facebook-style preview, and clicking the link leads users to a fake verification page, where they are prompted to enter their phone number and a code. By completing these steps, victims unknowingly allow attackers to link their WhatsApp account to an external device.
Once compromised, attackers can access messages, photos, videos and voice notes in real time, and can impersonate the victim to send messages to individual contacts or groups, the agency said.
The advisory also noted that WhatsApp currently allows multiple devices to be linked to a single account, a feature that is being misused in such attacks. In October, the Indian Cybercrime Coordination Centre under the Ministry of Home Affairs had flagged a related trend involving scammers using social media advertisements to lure users into linking their WhatsApp accounts.
While the government’s SIM-binding push is intended to limit such fraud, it has raised concerns among legal experts and digital rights groups, who argue that constant SIM verification could affect privacy and disrupt multi-device usage, particularly for professionals.
To reduce risk, CERT-In has urged users to avoid clicking on suspicious links, even if they appear to come from known contacts, and to never enter phone numbers or verification codes on external websites claiming to be linked to WhatsApp or Facebook. Users have also been advised to regularly review the “Linked Devices” section within WhatsApp settings and immediately log out of any unfamiliar sessions.
For organisations relying on WhatsApp for communication, the agency has recommended security awareness training, closer monitoring for phishing attempts, and the establishment of clear response protocols to detect and contain account compromises quickly.
