CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat

CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat

CTM360 has uncovered a worldwide WhatsApp account-hijacking campaign using deceptive authentication portals. The operation, named HackOnChat, leveraged session hijacking and social engineering to compromise thousands of accounts.

Why This Matters

WhatsApp’s security relies on end-to-end encryption and user verification, but this campaign exploits human trust in familiar interfaces. Attackers bypass technical safeguards by tricking users into revealing authentication keys or hijacking active sessions. The scale of the attack—hundreds of incidents across the Middle East and Asia—highlights how social engineering remains a low-cost, high-impact vector, often outpacing technical defenses.

Key Insights

• “HackOnChat campaign, 2025”: CTM360 identified thousands of malicious URLs hosted on cheap domains, enabling rapid deployment.
• “Session Hijacking and Account Takeover”: Attackers use WhatsApp Web’s linked-device feature and spoofed security alerts to gain control.
• “Multilingual phishing infrastructure”: Campaigns adapted interfaces with country codes and languages to target global users.

Practical Applications

• Use Case: Enterprises using WhatsApp for customer support risk data breaches via compromised accounts.
• Pitfall: Relying solely on user authentication without multi-factor verification leaves accounts vulnerable to spoofed alerts.

References:

• https://thehackernews.com/2025/11/ctm360-exposes-global-whatsapp.html
• https://www.ctm360.com/reports/hackonchat-unmasking-the-whatsapp-hacking-scam