New WhatsApp scam embeds malware in photos, victim loses Rs 2 lakh

A new and alarming trend dubbed the "WhatsApp image scam" is now gaining traction, exploiting unsuspecting users by embedding malicious code within innocent-looking image files, according to a media report.

Unlike traditional scams that rely on phishing links or OTP fraud, this new scheme utilizes a technique known as steganography - a method of concealing malware within image files. When the image is opened, the malware installs itself on the user's device without raising suspicion, quietly stealing sensitive data like passwords, banking credentials, and one-time password (OTPs).

Also Read: ED links EaseMyTrip co-founder Nishant Pitti to Mahadev betting scam

A recent case in Jabalpur, Madhya Pradesh has drawn national attention to this threat. A man reportedly lost close to ₹2 lakh after opening an image sent from an unknown WhatsApp number.

Investigations revealed that the image contained malware, which infiltrated his device and executed unauthorized financial transactions, all without alerting the victim.

Cybersecurity experts warn that such file-based attacks are more dangerous than traditional scams, as they leave little trace and can bypass standard mobile security measures.

Also Read: MeitY gears up to tackle spam surge on OTT messaging apps; stakeholder consultations likely soon

The Department of Telecommunications (DoT) has since issued a public advisory, urging users not to download media files from unfamiliar WhatsApp contacts.

To guard against such threats, experts recommend:

- Avoiding downloads from unknown sources on WhatsApp

- Enabling two-factor authentication on all accounts

- Keeping phones and apps updated with the latest security patches

- Using reputable antivirus software on mobile devices

WhatsApp is reportedly expected to introduce enhanced security tools to scan for malicious media in future updates.

Also Read: Understanding the "digital arrest" scam: What is it and how can you protect yourself?