Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

WhatsApp Scam Lets Hackers Hijack Chats

September 4, 2025
Reading Time: 3 mins read
in Alerts
WhatsApp Scam Lets Hackers Hijack Chats

The attack begins with a seemingly innocent message from a friend’s number that says, “Hi, I accidentally found your photo!” accompanied by a shortened link. This URL, however, leads to a meticulously crafted, counterfeit Facebook login page that is designed to look identical to the real site. When an unsuspecting user enters their credentials on this fake page, the attacker captures them. These stolen credentials are then used to initiate WhatsApp’s device linking process. This critical step allows the attacker to connect their own device to the victim’s WhatsApp account.

Once the attacker initiates the device linking, WhatsApp sends a QR code or a six-digit code to the victim’s registered device. Because the attacker already has control of the victim’s Facebook session, they can intercept or manipulate the verification process to link the victim’s WhatsApp account to the attacker’s device. This gives the cybercriminal full, remote access to all of the victim’s chats, shared media, contacts, and group memberships. This level of access is highly dangerous, as it allows the attacker to not only read private information but also to impersonate the victim.

After successfully hijacking a WhatsApp account, the cybercriminals can impersonate the victim and message everyone in their contact list. This allows them to distribute more malicious links and potentially harvest credentials from multiple victims in a rapid, chain-reaction style. The attackers can also view and exfiltrate sensitive conversations and media files, join private groups to access confidential discussions, and spread phishing links or malware downloads under the guise of a trusted contact. Furthermore, they can blackmail victims by threatening to release private media or conversations, adding another layer of threat to the scam.

Many users are unaware that the device linking feature can be hijacked through social engineering and credential theft. While this feature was originally designed for convenience, allowing users to access their account on multiple devices like a phone and a desktop, criminals have now repurposed it into a powerful tool for large-scale account takeovers. To protect themselves, users should remain vigilant, verify suspicious messages through other channels, and avoid entering credentials on unverified pages. Implementing two-step verification on WhatsApp and regularly monitoring linked devices are also crucial steps to prevent falling victim to this sophisticated scam.

The most effective way to prevent falling victim to this scam is to be proactive about security. Users should always confirm with the sender of a suspicious message through an alternative channel, such as a direct phone call, before clicking on any links. Additionally, it is vital to carefully check URLs to ensure they are legitimate, looking for the proper domain name and HTTPS security. Enabling WhatsApp’s built-in two-step verification feature adds a critical layer of protection by requiring a PIN to link the account to a new device. Users should also regularly review their linked devices in the settings and immediately unlink any unfamiliar ones to maintain control of their account.

Reference:

  • New WhatsApp Scam Lets Hackers Hijack Chats And Poses A Serious Risk To Users
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecuritySeptember 2025
ADVERTISEMENT

Related Posts

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Lazarus Hackers Exploit ZeroDay, Deploy Rats

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

CISA Flags TP Link Router Flaws

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

September 4, 2025
WhatsApp Scam Lets Hackers Hijack Chats

Android Droppers Turn Into Malware Tools

September 4, 2025
WhatsApp Scam Lets Hackers Hijack Chats

Malicious Npm Package Mimics Nodemailer

September 4, 2025
Sitecore Exploit Chain Warning

High Risk SQLi In WordPress Plugin

September 2, 2025

Latest Alerts

CISA Flags TP Link Router Flaws

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

WhatsApp Scam Lets Hackers Hijack Chats

Malicious Npm Package Mimics Nodemailer

Android Droppers Turn Into Malware Tools

Subscribe to our newsletter

    Latest Incidents

    Salesloft Drift Attacks Hits Vendors

    Jaguar Land Rover Hit By Cyber Incident

    Hackers Use Grok Ai To Spread Malware

    Austria Ministry Reports Email Breach

    Hackers Breach Fintech In Bank Heist Try

    Ransomware Hits Pennsylvania AG Office

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial