HackOnChat Revealed: How Attackers Hijack WhatsApp Accounts Worldwide

CTM360 has uncovered a large global campaign designed to hijack WhatsApp accounts, known as HackOnChat. The operation uses fake login portals and malicious pages that look identical to official WhatsApp services. These pages trick users into giving attackers access. The goal is to steal active sessions and verification keys.

Attackers rely on two main tactics: fake WhatsApp Web login screens and session hijacking. Victims are lured through deceptive messages that push them to open these pages. Once opened, attackers capture authentication details or attach themselves to an active session. This combination makes the attack highly effective.

Researchers found thousands of malicious URLs created using low-cost domains and automated website builders. This allows attackers to scale and replace pages rapidly when takedowns occur. The infrastructure is cheap, flexible and globally accessible. This makes the campaign extremely difficult to completely eliminate.

Although the activity is most concentrated in regions like the Middle East and Asia, the campaign is global in nature. Attackers can target users from any location with the same techniques. The attack infrastructure is not region-restricted. This increases the reach and impact of HackOnChat.

Once attackers gain control of a WhatsApp account, the damage extends beyond the victim. Compromised accounts are used to contact friends, family, and colleagues. Attackers impersonate the victim to request money, sensitive information, or spread further phishing links. This chain reaction spreads quickly through trusted networks.

The campaign highlights how social engineering and technical hijacking now work hand in hand. Fake interfaces are convincing enough to fool even cautious users. Combined with session abuse, attackers gain full access without complex hacking tools. The simplicity is what makes the threat so powerful.

CTM360 recommends that users carefully review WhatsApp’s linked devices section and remove any unknown sessions. Verification codes must never be shared under any circumstances. Organisations are urged to include WhatsApp account-takeover patterns in their security monitoring. Awareness and caution are essential for both personal and enterprise users.

Overall, HackOnChat shows how messaging platforms remain prime targets for cybercriminal groups. The campaign blends automation, phishing, and session hijacking into a single large-scale operation. The threat continues to evolve with new domains and techniques. Strong vigilance is necessary to stay protected.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news