Categories
Cybercriminals are now using a sophisticated technique called steganography to spread malware through seemingly innocent image files on WhatsApp. In this method, malicious code is secretly embedded within image files, allowing attackers to compromise your device without raising suspicion. Always be cautious when receiving images from unknown sources and keep your security software up to date.
WhatsApp, once just a simple messaging app, is now being targeted by scammers and cybercriminals at an alarming rate. From malicious links and fake OTP requests to shocking cases of so-called “digital arrests,” fraudsters are constantly developing new and sophisticated methods to exploit unsuspecting users. As WhatsApp becomes more embedded in our daily communication, the risks of falling victim to these scams are growing rapidly.
New Scam Alert: WhatsApp Image File Malware Leads to ₹2 Lakh Loss in Jabalpur
A disturbing new scam has surfaced, exploiting unsuspecting users through seemingly innocent image files. Cybercriminals are now embedding malicious software within image files shared via WhatsApp, posing a serious threat to digital security.
In a recent case from Jabalpur, Madhya Pradesh, a man fell victim to this scam and lost nearly ₹2 lakh. The fraud began when he received an image file from an unknown number on WhatsApp. Unaware of the hidden danger, he downloaded the file—only to unknowingly install malware that gave hackers access to his financial data.
This incident serves as a crucial reminder to never download files or click on links from unknown sources. Authorities urge citizens to stay vigilant, keep their devices updated with the latest antivirus software, and report suspicious activity immediately.
Beware: Steganography-Based Scams Hiding Malware in Images
Cybercriminals are becoming increasingly sophisticated, using advanced techniques like steganography to hide malicious code within seemingly innocent image files.
One of the most common forms of this technique is known as Least Significant Bit (LSB) steganography. It works by embedding hidden data in the least significant bits of an image’s data stream. Typically, an image is made up of three bytes for red, green, and blue (RGB) colors. The hidden malware often resides in the fourth byte, also called the ‘alpha’ channel, which controls transparency.
When a victim opens the infected image, the hidden malware silently installs itself on their device. Once active, this malicious software can steal sensitive information like banking credentials, passwords, and in some cases, even provide remote access to the attacker.
To make matters worse, if the victim ignores the image initially, scammers may follow up with phishing calls, pressuring them into opening the file under false pretenses.
🔒 Stay Safe:
- Never open image files from unknown or suspicious sources.
- Keep your antivirus software up to date.
- Be cautious of unexpected messages that include attachments or urge immediate action.
The Jabalpur incident
In the recent Jabalpur case, a resident received a WhatsApp call from an unknown number requesting help identifying someone from a photo. Initially ignoring the message, the victim eventually gave in after repeated calls and clicked on the image. This action enabled the hackers to infiltrate his device. Within a short period, around ₹2 lakh was fraudulently withdrawn from his bank account.
WhatsApp continues to be a popular platform for community and religious groups, but sadly also for fraudsters. Here, the scammers rely on the goodwill of group members and their intrinsic desire to help others in distress.
“We urge people always to be wary when receiving contact via WhatsApp or other messaging platforms. This is particularly the case when being asked to provide account information – despite the fact that you may recognise the individual’s profile picture and / or name.
“Never share your account information with anyone, and if you think it’s a fraudulent approach, report the message and block the sender within WhatsApp. To make your account more secure, we advise setting up two-step verification to provide an extra layer of protection. This makes it increasingly more difficult for fraudsters to gain access to somebody else’s WhatsApp account”.
Analysis of Action Fraud reports indicate that victims targeted by this scam are often part of large WhatsApp community, alumni and academic, work groups, and religious groups (such as church or prayer groups).
What can you do to avoid being a victim?
- Never share your account’s two-factor authentication (2FA) code (that’s the six digit code you receive via SMS).
- Set up two-step verification to give an extra layer of protection to your account.
Tap Settings > Account >Two-step verification > Enable.
- THINK. CALL. If a family member or friend makes an unusual request on WhatsApp, always call the person to confirm their identity.
- You can report spam messages or block a sender within WhatsApp. Press and hold on the message bubble, select ‘Report’ and then follow the instructions.
If you have been a victim of fraud or cybercrime, report it at www.actionfraud.police.uk or by calling 0300 123 2040. In Scotland, victims of fraud and cybercrime should report to Police Scotland on 101.
How to stay safe
To protect yourself from such scams, follow these safety guidelines:
- Do not download any photo, video, or link sent from unknown numbers on WhatsApp.
- Disable the auto-download feature in WhatsApp settings.
- Avoid opening large or suspicious files, especially from unknown sources.
- Ignore and block calls and messages that seem suspicious.
- Educate others about such scams to help them stay alert.
- Report any incidents to the official Cybercrime portal: https://cybercrime.gov.in
