Hi!

I work for a small company and keeping phones working is one of my responsibilities. I have seen accounts being hacked and I always see that the owner of the account received an SMS or call and they are tricked into sharing that code and that the account can no longer be accessed without verifying the account again.

I have now seen an account being hijacked in a way I haven’t seen. This person didn’t receive an SMS or call and instead of not being able to access the account any more it seemed to being shared with another device, I mean, sending several messages to the number would result in all messages being delivered (double check mark) but only some of them would show up in this telephone. Incoming conversations that would appear to be the result of answering someone’s message would appear out of the blue.

Now I can not access this account anymore getting an error that states that I am using an unofficial WhatsApp version which I am not in more than one phone so I assume the account got banned and trying to get support from meta seems to be impossible.

Has anybody seen something like this?

Thanks!

  • viking@infosec.pub
    link
    fedilink
    English
    arrow-up
    7
    ·
    8 months ago

    Sounds like someone cloned the account and is running the clone in an unofficial version, that’s why you didn’t get locked out in the original installation.

    Whatsapp allows to sign in by scanning a QR code in the web app, I believe that’s how the unofficial apps work. So maybe the person got tricked into scanning something?