Anyone who likes to work on a laptop and doesn’t always want to switch to their cell phone to chat is happy to use it WhatsApp-Web back. The function allows users to use the application on another device that is connected to the mobile phone.
Normally this is done with the Scan eines QR-Codes. In many cases, WhatsApp remembers which devices are connected and does not require any further confirmation. This is exactly what a new scam gives cybercriminals the chance to access other people’s messages and photos. Included manipulate them using “Ghost Pairing” the app’s device pairing or linking routine.
This is how criminals hack in using “ghost pairing”.
Table of Contents
“Ghost pairing” means that cybercriminals without passwords or account details can hack into users’ devices. Loud Gen Digital This type of attack was first observed in the Czech Republic. Usually the hackers send one ominous link via WhatsApp to the target person, the one Facebook-Photos should reveal.
If those affected click on it, they will redirected to a fake Facebook pagewhich are provided by the users Identity or phone number verification demands. This number is then forwarded to WhatsApp by the attackers “Link device via phone number” function to activate. This allows new devices to be added to an account.
What can those affected do?
Those affected can check whether unauthorized devices are connected to WhatsApp.
- Open Settings in WhatsApp and select the tab “Connected devices“.
- Check the list of active sessions and log in from all of them unknown devices ab.
- This will make all sessions removedthat were created by the fraudsters.
Manipulated holiday and New Year’s Eve images as a scam trap
But not only that: Especially now during the holidays and New Year’s Eve, manipulated greeting images are circulating in all chats, in which cyber criminals send a link that encourages people to view content. How The Hindu Reportedly, similar scams have been observed in India. According to authorities, the links contain malicious APK files (Android Package Kit)that install spyware or malware on mobile phones. If the device is infected, hackers can gain access to bank accounts, one-time passwords, photo galleries and contact lists.
Fraud with QR codes is less common
The experts further explain that fraud is less likely to occur using a QR code, which is otherwise often used for WhatsApp Web. This mainly has to do with the fact that the fake QR code is displayed on the device you are currently using. Scanning it with a second device, for example, is rather complicated or not possible at all. That’s exactly why cybercriminals rely more on the phone number and the pairing code.
What can those affected do?
Those affected can check whether unauthorized devices are connected to WhatsApp.
- Open Settings in WhatsApp and select the tab “Connected devices”.
- Check the list of active sessions and log in from all of them unknown devices ab.
- This will make all sessions removedthat were created by the fraudsters.