WhatsApp

A 28-year-old man from Maharashtra became the latest victim of a sophisticated WhatsApp scam. Pradeep Jain, unsuspecting and going about his daily routine, lost over Rs 2 lakh from his bank account—all because he downloaded a single image sent by an unknown number on WhatsApp

This sophisticated scam, which doesn’t require clicking suspicious links or sharing OTPs, has raised serious concerns about digital safety.

How the Scam Unfolded 

One early morning, Jain received a call from an unknown number, followed by a WhatsApp message containing a photo of an elderly man with the question, “Do you know this person?” Initially, Jain ignored the message, but after receiving persistent calls from the same number, he eventually downloaded the image around 1:35 PM.

Google News

This single action gave hackers complete access to his smartphone. Within minutes, Rs 2.01 lakh was debited from his Canara Bank account through an ATM in Hyderabad. 

When the bank called to verify the transaction, the scammers demonstrated their technical prowess by mimicking Jain’s voice, convincing bank officials that the transaction was legitimate.

India Today reports that this elaborate scam employs a technique called “steganography,” derived from Greek words meaning “hidden writing.” 

In cybersecurity contexts, steganography involves concealing malicious code within seemingly innocent media files like images.

Specifically, the scammers used Least Significant Bit (LSB) steganography, which hides data within the least significant bits of an image’s data units. “Most images use three bytes of data for colour – red, green, and blue. 

Malware is typically hidden in one of these or the fourth byte, called the alpha channel,” explained cyber expert Tushar Sharma.

When the victim opens the infected image, the embedded malware silently installs and executes, bypassing traditional security systems.

Unlike obvious phishing attempts, there’s nothing overtly suspicious about these images, allowing them to evade standard antivirus detection.

The malware gains access to banking credentials, passwords, OTPs, and UPI information without triggering any obvious warnings.

Even more concerning, these attacks can fool sophisticated security tools, including AI-based image recognition systems.

Protection from WhatsApp Image Scams

Cybersecurity experts recommend several precautions:

  • Never open or download files from unknown numbers.
  • Keep your phone updated with the latest security patches.
  • Disable auto-download in WhatsApp settings to prevent unknown media from saving automatically.
  • Activate the “Silence Unknown Callers” feature on WhatsApp.
  • Set group permissions to “My Contacts” to prevent being added to suspicious groups.
  • Never share OTPs, even with contacts who seem familiar.

A WhatsApp spokesperson acknowledged that “scammers are constantly changing their tactics,” emphasizing the importance of remaining vigilant. They recommended that users block and report suspicious accounts immediately.

Malware Trends Report Based on 15000 SOC Teams Incidents, Q1 2025 out!-> Get Your Free Copy

Kaaviya
Kaaviya
http://cybersecuritynews.com/
Kaaviya is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.