.jpeg)
In today's digitally connected world, cybercrime continues to evolve, with WhatsApp emerging as a frequent target. As one of the most widely used messaging platforms globally, it has become a hotspot for hackers. Among the growing list of threats, a particularly dangerous trend has surfaced this year—the "WhatsApp image scam."
Unlike conventional scams that depend on phishing links or OTP fraud, this scheme employs a more deceptive tactic by embedding malicious software within seemingly harmless image files, making it harder to detect and more dangerous for users, reported TOI.
A recent case in Jabalpur, Madhya Pradesh, has brought national attention to this threat, where a man lost nearly Rs 2 lakh after unknowingly downloading one of these infected images.
What is the new scam?Unlike the more familiar phishing scams and OTP frauds, the WhatsApp image scam represents a shift toward file-based cyberattacks. Hackers are now using steganography—a technique once reserved for covert communication—to embed malicious code within image files. This method allows the malware to remain hidden in plain sight, often slipping past standard phone security systems undetected.
Once the infected image is opened, the malware silently installs itself on the device. From there, it can steal sensitive information such as saved passwords, one-time passwords, and banking credentials, and even carry out unauthorised financial transactions—all without the user’s knowledge, according to a TOI report.
What happened after the scamThe threat posed by this scam became alarmingly real for a resident of Jabalpur, who lost nearly ₹2 lakh from his bank account after opening an image sent from an unknown WhatsApp number. Investigations revealed that malware had infiltrated his phone through the image file, highlighting just how damaging these attacks can be—even for vigilant users.
In response, the Department of Telecom issued a public advisory, warning people against downloading media files from unfamiliar WhatsApp contacts. Cybersecurity experts have labelled this tactic “far more dangerous than traditional scams,” as it leaves minimal traces, making both detection and prevention significantly more challenging.
What can users do to prevent falling prey to the scam?Experts recommend enabling two-factor authentication, keeping device software up to date, and using a reputable antivirus app. WhatsApp is also expected to roll out advanced scanning features to detect such threats in upcoming updates. Until then, caution remains the best defense
