A worldwide operation aimed at stealing WhatsApp accounts is rapidly escalating, impacting users across dozens of nations.
This large-scale hacking endeavor has been dubbed HackOnChat. According to specialists, threat actors are extensively deploying phishing websites that precisely mimic WhatsApp Web, tricking individuals into undergoing fraudulent authentication procedures. In recent weeks, thousands of malicious URLs have been identified alongside hundreds of confirmed instances of account compromise.
It is reported that hackers are intercepting both active web sessions via the device linking mechanism and achieving full account takeovers by obtaining access credentials through deceptive notifications. The phishing sites are programmed to automatically detect the country code and tailor the language and interface to match the targeted region.
Once access to an account is gained, the attackers send messages pretending to be the victim, harvest personal and financial details, and propagate new phishing links, thereby creating a self-propagating chain of attacks. Experts stress that social engineering tactics and the skillful counterfeiting of familiar interfaces remain the critical enablers of these breaches.
Georgy Volkov, a member of the Public Council under the Ministry of Digital Development of Russia, attributed the success of these attacks to inherent characteristics within the service’s device connection protocol.
“WhatsApp’s issue is that upon QR code scanning, the service immediately links the new device without requiring extra confirmation. This is precisely why the session interception scheme functions effectively. Could Meta improve this? Yes, but the company deliberately avoids anything that might complicate the user interface or decrease revenue,” Volkov commented.
Nikita Danyuk, a member of the Civic Chamber of the Russian Federation and First Deputy Director of the Institute for Strategic Studies and Forecasts at RUDN University, further suggested that systemic security failures within Meta’s services are predictable, given the corporation’s acknowledged reliance on revenue derived significantly from fraudulent advertising. In his view, this context indicates that combating phishing and misuse is not a corporate priority, implying that attacks like HackOnChat will persist.
The Russian cybersecurity portal SecurityLab reported on November 21st that researchers from the University of Vienna managed to gain unauthorized access to 3.5 billion WhatsApp user numbers within just a few hours. They exploited vulnerabilities present in the web version of the messenger. The researchers noted that discussions about this specific flaw began as early as eight years ago.
About the Author
