Latest WhatsApp Hack Takes Minutes To Steal Victims’ Accounts.

New WhatsApp Bugs Could've Let Attackers Hack Your Phone Remotely

Hackers Target Social Media Platforms

Dark web hackers have found a new way to seize WhatsApp accounts, making this strategy one of the latest techniques to go viral since 2021. There’s a good reason why it’s becoming so popular among hackers too; all it takes is a forwarded call. 

As the most recent scam to take the net by storm, hackers are infiltrating and taking over WhatsApp accounts, through these calls and getting direct access to the victims contact list and direct messages. 

While WhatsApp has taken every effort to protect user data as much as possible, the most experienced of hackers have no problem in successfully breaching their security. How is this possible? 

The trick to getting this hack to work relies on the cell carriers’ automatic call forwarding service, with WhatsApp’s own (OTP) verification code being the second aspect of it. Thanks to the social platform’s automatic transmission of a one-time password (OTP) verification code, these hackers simply intercept this code through voice call and exploit it to access victims’ Android phones. 

Furthermore, according to Rahul Sasi, the founder and CEO of CloudSEK, a digital risk protection organization, data disclosed in the most recent WhatsApp hack shows that a hacker can easily acquire full control of his victim’s WhatsApp account in mere minutes. The only requirement for the hacker, is to be able to garner the target’s contact information by socializing with their target audience; that is, social engineering. 

CellPhone Carriers Targeted

From there, the hackers first convince the target to place a call that begins with an MMI code, as stated by the research team. Call forwarding will be enabled by the victim’s cellphone provider once this is completed. These codes are usually preceded by the letter A star (*) or a hash (#) symbol. Because all of the major US mobile network operators allow these codes, they are relatively accessible to the hacking community.

Next, all inquiries will be readily conveyed to the carrier’s terminal via a separate MMI code, even across a crowded connection and occasionally with no reception. If the MMI code is accessed, the mobile carrier is instructed to forward calls to the hacker’s provided contact number if the victim’s line is busy.

The hacker commences the WhatsApp signup procedure by using the OTP voice call option after switching connections to another phone. The perpetrator can now register the victim’s account to their gadget once the OTP code has been secured.

Victims barred from accounts

This two-factor authentication (2FA) key can then be used by the hacker however they please. As a result, you have victims easily being duped into transferring their phone numbers and subsequently-their accounts-, as the hacker then uses this line to urge them to phone *67 or 405. 

This instantly logs the victim’s WhatsApp account and grants the criminal full control over the account. Once the hacker has completed the 10 digit code strategies, the lawful owner is completely barred from recouping or trying to access the WhatsApp account. Just like that, they’ve lost access to all their contacts, direct messages and other personal information.