WhatsApp Image Scam: How Cybercriminals Are Using Hidden Malware To Steal Your Money

WhatsApp has become an essential part of daily communication. However, with its growing popularity, it has also become a prime target for cybercriminals.

From phishing links to OTP scams, fraudsters are constantly coming up with new ways to exploit users. One of the latest and most alarming methods involves sending seemingly harmless image files that actually contain hidden malware.

This scam recently led to a man in Jabalpur, Madhya Pradesh, losing nearly ₹2 lakh—simply because he clicked on a picture sent by an unknown number.

Also, read| New Russian Law Bans Influencers From Advertising On Meta, X Platforms: Report

This latest scam makes use of a technique called steganography, a method where malicious code is embedded inside image files.

While the image may appear normal to the viewer, it secretly carries harmful software. One common form of this is called Least Significant Bit (LSB) steganography, where the hidden data is concealed within the smallest data bits of the image.

Most image files consist of three-colour bytes: red, green, and blue. But there’s often a fourth byte called the ‘alpha’ channel, which is used for transparency effects.

Hackers exploit this channel to hide dangerous code. Once the image is opened, the malware silently installs itself on the device.

In a real-world example, a man from Jabalpur, Madhya Pradesh, received a WhatsApp call from an unknown number.

Also, read| Your WhatsApp Messages Are Not Private: CIA Can Access, Says Zuckerberg

The caller asked for help identifying a person in a photograph and sent an image file. Although the victim initially ignored it, the scammer kept calling until the person finally opened the image.

That one click was enough. Within a short time, the malware accessed the victim’s sensitive banking information and allowed remote access to the device. Around ₹2 lakh was withdrawn from his bank account without his knowledge or consent.

How the Scam Works:

1. The scammer sends a photo file via WhatsApp, usually posing as someone in need of help or a friend.

2. If the victim doesn’t respond, the scammer follows up with repeated calls to convince them to open the image.

3. Once the image is opened, malware is automatically installed.

4. This malware can:

   • Access banking credentials and passwords

   • Monitor device activity

   • Enable remote access to the phone.

5. The scammer then uses this access to carry out unauthorized financial transactions.

To protect yourself from falling victim to such dangerous scams, follow these simple but crucial safety measures:

• Never open images, videos, or files from unknown contacts—even if they look harmless or friendly.

• Customise your WhatsApp settings to turn off automatic downloads of media files. This prevents unknown files from being saved to your phone without your permission.

• Be cautious with large or oddly named files, especially if you weren’t expecting them.

• Don’t respond to repeated calls or pressure tactics from unfamiliar numbers. Scammers often use persistence to make you lower your guard.

• Spread awareness among friends and family, especially those who may be less familiar with digital threats.

• Report suspicious messages or incidents to India’s official Cybercrime portal: cybercrime.gov.in.