In the digital age where phishing links and OTP frauds are the usual suspects, a new threat has emerged—one that hides in plain sight. Hackers are now using WhatsApp images as Trojan horses to deliver malware directly into users’ devices. Unlike conventional scams, this technique relies on steganography, a method where malicious code is embedded within seemingly harmless image files.
Once the infected image is opened, the malware installs silently on the victim’s phone. From there, it can siphon sensitive data—banking credentials, one-time passwords, and even carry out unauthorized financial transactions—without the user’s knowledge. Experts say this makes detection and prevention extremely difficult.
A ₹2 Lakh Wake-Up Call from Jabalpur
The seriousness of this scam became evident when a resident of Jabalpur, Madhya Pradesh, lost nearly ₹2 lakh after opening an image sent from an unknown WhatsApp number. The malware had infiltrated his device, allowing cybercriminals access to his financial apps.
The Department of Telecom (DoT) promptly issued a public warning, urging users to refrain from downloading image files from unknown sources. Cybersecurity experts labeled the scam “more dangerous than traditional phishing” due to its covert nature and lack of typical warning signs.
What Can You Do to Stay Safe?
Experts recommend enabling two-factor authentication, keeping your device and apps up to date, and using a reliable antivirus solution. WhatsApp, meanwhile, is expected to roll out advanced scanning features in upcoming updates to combat such file-based threats.
Until then, the best line of defense remains vigilance. Avoid opening image files from unfamiliar numbers, and regularly monitor your bank statements for suspicious activity.