He downloaded a WhatsApp image. Minutes later, Rs 2 lakh was gone | Technology News

One early morning, Pradeep Jain, 28, received a call from an unknown number. A few moments later, he got a message from the same number: A photo of an elderly man with a question, “Do you know this person?”Initially, Jain ignored it. But after repeated calls, he eventually gave in. Around 1:35 PM, he downloaded the image. That one click gave hackers access to his phone. Within minutes, he lost Rs 2.01 lakh from his bank account.
The money was withdrawn from an ATM in Hyderabad. When Canara Bank called to verify the transaction, the scammers managed to mimic Jain’s voice.
Story continues below this ad

This scam uses Least Significant Bit (LSB) steganography, a technique of hiding data within media files like images or audio modifying the least significant bits of data units.
“The word ‘steganography’ has Greek origins. It means ‘hidden writing’. In cybercrime, this technique is exploited to embed malware or secret instructions inside harmless-looking media files. These hidden payloads often evade traditional detection systems and are triggered only specific scripts,” explained Neehar Pathare, MD of 63SATS.

Tushar Sharma, cyber expert and co-founder of TOFEE (The Organisation For Enlightenment and Education), said, “This isn’t a new concept. In 2017, hackers embedded harmful executable code inside GIF files shared on WhatsApp. When downloaded, the hidden code ran in the background, passing security settings and accessing the user’s data. Though the vulnerability was patched, this technique made a comeback in 2019 with more refined methods and broader targets.”
How steganography scams differ from traditional malware attacks
Unlike obvious phishing or malware attempts, like fake login pages or suspicious attachments, steganography hides code inside seemingly innocent files. “There’s nothing overtly dangerous about these images or audio files, which is why they often pass antivirus software. Steganography can fool even advanced tools like AI-based image recognition,” said Pathare. Story continues below this ad
File formats like .jpg, .png, .mp3, .mp4, PDFs are commonly used for this, since these formats seem trustworthy and are frequently exchanged.
How the attack works
“Most images use three tes of data for colour – red, green, and blue. Malware is typically hidden in one of these or the fourth te, called the alpha channel,” said Sharma. “When you open the infected image, the malware installs silently and gains access to your sensitive data.”
Pathare said, “The malicious code is then extracted using specific tools and executed, allowing it to slip past signature-based antivirus systems.”
Can this malware be detected?
“Detecting steganography requires forensic tools, steganalysis platforms, and behavioural analytics to spot anomalies in file structures or execution behaviour,” says Pathare. “Traditional antivirus tools are ineffective because they don’t scan for embedded content. AI and machine learning offer a better shot detecting behavioural irregularities within files and improving early threat detection.”Story continues below this ad
How can you protect yourself?
Tushar Sharma shares these key tips to stay safe:
Avoid unknown senders: Don’t open or download files from unknown numbers.Keep your phone updated: Regular updates help patch vulnerabilities.Disable auto-download: Prevent unknown media from saving automatically tweaking WhatsApp settings.Never share OTPs: Scammers often pretend to be known contacts.
Limit group additions: Set group permissions to ‘My Contacts’ to prevent being added to suspicious groups.
Silence unknown callers: Activate the ‘Silence Unknown Callers’ feature on WhatsApp to reduce spam and scam attempts.Story continues below this ad

In addition to the above safety measures, a WhatsApp spokesperson said that scammers are constantly changing their tactics, which is why it’s important to stay alert and cautious. “If someone you don’t know messages you or adds you to a group, you’ll see a context card giving you more information about the user or the group. We advise people to block and report suspicious accounts, and never download images, videos, or click links from unknown numbers.”
The spokesperson told that WhatsApp continues to invest in technology, safety tools, and resources to help users protect themselves from online scams.
Pathare also recommended deploying file-scanning tools that can analyse embedded content, using behaviour-based threat detection, and limiting unauthorised media handling in secure environments. At an organisational level, training employees to recognise risks and using AI-powered cybersecurity systems can significantly reduce exposure to such attacks.
The Safe Side
As the world evolves, the digital landscape does too, bringing new opportunities—and new risks. Scammers are becoming more sophicated, exploiting vulnerabilities to their advantage. In our special feature series, we delve into the latest cybercrime trends and provide practical tips to help you stay informed, secure, and vigilant online.