New Delhi, Dec. 22 -- India's cybersecurity establishment is flagging a new class of WhatsApp account takeover, one that does not rely on stolen credentials, malware downloads, or SIM swap fraud. Instead, it exploits something far more routine: how users link WhatsApp to additional devices.

The Indian Computer Emergency Response Team (CERT-In), along with the Ministry of Electronics and Information Technology (MeitY), has issued advisories on an active cyber campaign called GhostPairing, warning that attackers are abusing WhatsApp's device-linking feature to gain full, unauthorized access to user accounts.

What sets GhostPairing apart is not technical sophistication but subtlety. The attack hinges on social engineering and misplaced tru...