synopsis

After initially ignoring the message, the victim eventually clicked on the image following multiple follow-up calls. This simple action triggered a malware installation on his device, which granted hackers access to his sensitive banking data.

WhatsApp has once again become a tool for cybercriminals to target unsuspecting users. In a disturbing new trend, scammers are embedding malware into seemingly harmless image files sent via the platform, leading to severe financial losses for victims.

In a recent incident reported from Jabalpur, Madhya Pradesh, a man lost nearly Rs 2 lakh after falling prey to a malware-laced image scam. The victim received a WhatsApp message from an unknown number along with an image and a request for help identifying someone in the photo.

After initially ignoring the message, the victim eventually clicked on the image following multiple follow-up calls. This simple action triggered a malware installation on his device, which granted hackers access to his sensitive banking data.

The scam hinges on a sophisticated method called steganography — a technique used to conceal malware within media files. One form, known as Least Significant Bit (LSB) steganography, embeds malicious code into the alpha channel (the fourth byte) of image files, which typically contain data for red, green, and blue colors.

Once the image is opened, the malware silently installs itself on the device and may allow hackers to extract passwords, banking credentials, and even remotely control the phone.

Cyber experts warn that such scams are on the rise and can be difficult to detect due to their deceptive nature. In many cases, scammers build urgency by calling victims repeatedly and pressuring them into opening the image file.

How to protect yourself:

  • Never download or open media files sent by unknown contacts.
  • Turn off auto-download for media in WhatsApp settings.
  • Avoid engaging with suspicious calls or messages.
  • Be wary of requests for help that come from unfamiliar sources.
  • Spread awareness among friends and family to prevent such attacks.
  • Report any cyber fraud at the official portal: https://cybercrime.gov.in