The attack method involves an attacker installing WhatsApp on their device and then registering a victim’s phone number as the number of the account.
WhatsApp has measures in place to prevent this type of hijacking, and sends an SMS with an account verification code to the cellphone number in question.
This ensures that the user with control of the cellphone number can access the code and act accordingly.
However, attackers use social engineering to convince the victim to send them the SMS verification code so they can hijack the WhatsApp account.
WhatsApp states on its website that it you receive a verification code and did not request it “someone entered your number when trying to register in WhatsApp”.
HOW TO PREVENT HIJACKERS FROM TAKING OVER YOUR WHATSAPP ACCOUNT
>>If you receive a message asking for a WhatsApp verification code you have just received – after not requesting a code or attempting to set up WhatsApp on a new device – the obvious step to take is to ignore the message.
>>Enable two-step verification (2FA) on your WhatsApp account to protect it.
To enable 2FA on your account, open WhatsApp and go to Settings > Account > Two-Step Verification > Enable
HOW TO RECOVER A COMPROMISED WHATSAPP ACCOUNT
Contact WhatsApp support via this support page here.