WhatsApp hijackers take over your account while you sleep

Malwarebytes has recently published an article alerting WhatsApp users to a new account takeover threat that hackers carry out while you sleep.

The hackers take advantage of two things: a user's availability and how identity verification works on WhatsApp.

If you are not available to respond to verification checks, all the attacker needs is your phone number.

Here is how it works:

  • The attacker attempts to log in to a WhatsApp account. As part of the verification process, WhatsApp sends an SMS with a PIN to the phone number tied to the account.

  • The user is unavailable, so they don't realise there is a suspicious login. The attacker then tells WhatsApp that the SMS didn't arrive and asks for verification by phone call.

  • Since the account owner is still unavailable and cannot pick up the call, the call goes to the number's voicemail, where the verification code is left as a message. Knowing the target's phone number, the attacker then attempts to access their voicemail by keying in the last four digits of the user's mobile number, which is usually the default PIN code to access the user's voicemail.

  • The attacker then has the WhatsApp verification code, and can use it to access the victim's WhatsApp account. They can then set up their own 2FA (two-factor authentication) on it, leaving the actual owner locked out of their own account.
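
A defensive check for the voicemail weakness in the third step, as an added example that is not from Malwarebytes or the original article: it audits voicemail PINs for the default "last four digits of the number" pattern. The repeated-digit, sequential and unset-PIN checks go beyond what the page describes, and the phone numbers and PINs are constructed sample data.

```python
import re

def normalize(number: str) -> str:
    """Keep only the digits of a phone number (drops '+', spaces, dashes)."""
    return re.sub(r"\D", "", number)

def is_run(pin: str) -> bool:
    """True for ascending or descending digit runs such as 1234 or 9876."""
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {-1})

def audit_pin(number: str, pin):
    """Return the reasons a voicemail PIN is guessable (empty list = none found)."""
    digits = normalize(number)
    if pin is None or pin == "":
        # Assumption beyond the page: an unset PIN is treated as a finding.
        return ["no PIN set"]
    findings = []
    # The pattern the page describes: PIN is the tail of the phone number.
    if len(digits) >= len(pin) and digits.endswith(pin):
        findings.append("PIN equals the last digits of the phone number")
    # Extra weak-PIN checks, not from the page.
    if len(set(pin)) == 1:
        findings.append("PIN is a single repeated digit")
    if len(pin) > 1 and is_run(pin):
        findings.append("PIN is a sequential run")
    return findings

# Constructed sample records: (phone number, voicemail PIN).
SAMPLE = [
    ("+44 7700 900142", "0142"),
    ("+44 7700 900456", "0000"),
    ("+44 7700 900789", "4321"),
    ("+44 7700 900321", "5829"),
    ("+44 7700 900654", None),
]

def audit_all(records):
    """Map each number to its findings, keeping only records with at least one."""
    return {n: f for n, p in records if (f := audit_pin(n, p))}

if __name__ == "__main__":
    for number, findings in audit_all(SAMPLE).items():
        print(number, "->", "; ".join(findings))
```
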

To read the full article and find out how to protect your WhatsApp account, visit the Malwarebytes website.


