(8 January 2026 | Source: Ministry of Internal Affairs of the Republic of Kazakhstan)
A new cyber threat linked to the messaging app WhatsApp has been recorded in Kazakhstan. According to law enforcement agencies, criminals are using a legitimate feature of the service to gain access to users’ correspondence, while the phone itself continues to work without any visible issues.
HOW THE SCHEME WORKS
According to the Centre for Forecasting Criminal Threats and Public Security Risks of the Committee on Legal Statistics and Special Records of the Prosecutor General’s Office, the scheme is called GhostPairing. It does not involve technically hacking an account. Access to WhatsApp is gained by activating the feature for linking additional devices.
The user receives a message disguised to look like a notification from Facebook or WhatsApp. The link in the message leads to a fake website that mimics the interface of the official services. To ‘confirm access’, the user is prompted to enter their phone number and a verification code.
WHAT AN UNAUTHORISED PERSON GAINS ACCESS TO
After the data is entered, the external device is automatically added to the list of trusted devices. This enables reading messages, viewing media files and contacts, and sending messages on behalf of the account owner. Meanwhile, the user’s phone continues to function normally, making it difficult to detect the intrusion.
HOW TO IDENTIFY COMPROMISE
The Ministry of Internal Affairs notes that the only way to detect an unauthorised connection is to manually check the ‘Linked devices’ section in WhatsApp settings. Any unknown device in this list indicates account compromise and requires immediate disconnection.
POLICE RECOMMENDATIONS
Law enforcement agencies urge citizens to follow basic cyber security measures: be critical of unknown messages and notifications, do not enter WhatsApp codes on third-party websites, use two-factor authentication, and regularly check account activity. It is particularly stressed that a request for a verification code outside the app is always a sign of fraud.