Overview
- India’s cyber agency issued a high-severity advisory detailing a campaign that seizes WhatsApp accounts by abusing the app’s device-linking feature without passwords or SIM swaps.
- Attacks often start with a message such as “Hi, check this photo” that leads to a fake Facebook-style page prompting a phone number or pairing code input.
- Once an attacker’s device is linked, they gain WhatsApp Web–level access to read and send messages, view media, and persist quietly unless removed from Linked Devices.
- Security researchers at Avast are credited with uncovering the campaign, with reporting noting early activity in the Czech Republic and signs of broader spread.
- WhatsApp has shared general safety guidance on cautious device linking and enabling two-step verification, while reports note no campaign-specific public statement so far.