What is the WhatsApp image scam, and how can you stay safe from it?

ByHT News Desk
Apr 11, 2025 12:17 PM IST

The WhatsApp image scam operates through a technique known as steganography, where malicious code is embedded within image files.

WhatsApp is increasingly being used as a platform by scammers and fraudsters to deceive people. From dangerous links to OTP scams and even "digital arrests," cybercriminals are constantly finding new ways to exploit users.

From dangerous links to OTP scams and even "digital arrests," cybercriminals are constantly finding new ways to exploit users. (Representational image)
From dangerous links to OTP scams and even "digital arrests," cybercriminals are constantly finding new ways to exploit users. (Representational image)

A new scam has recently emerged that targets users through seemingly harmless image files containing hidden malware. In a concerning incident, a man in Jabalpur, Madhya Pradesh, lost approximately 2 lakh after downloading an image file sent via WhatsApp from an unknown number.

The technique: Steganography

This scam operates through a technique known as steganography, where malicious code is embedded within image files. One common form of steganography is called Least Significant Bit (LSB) steganography, which hides information in the least significant bit of a media file. An image typically comprises three bytes of data corresponding to the colors red, green, and blue. The hidden data is often embedded in the fourth byte, also known as the ‘alpha’ channel.

Once the victim opens the infected image, the malware is automatically installed on their device. This malware can then access sensitive information such as banking credentials and passwords. In some cases, it even allows remote access to the device. If the victim initially ignores the image, scammers may follow up with a call to pressure them into opening the file.

The Jabalpur incident

In the recent Jabalpur case, a resident received a WhatsApp call from an unknown number requesting help identifying someone from a photo. Initially ignoring the message, the victim eventually gave in after repeated calls and clicked on the image. This action enabled the hackers to infiltrate his device. Within a short period, around 2 lakh was fraudulently withdrawn from his bank account.

How to stay safe

To protect yourself from such scams, follow these safety guidelines:

  • Do not download any photo, video, or link sent from unknown numbers on WhatsApp.
  • Disable the auto-download feature in WhatsApp settings.
  • Avoid opening large or suspicious files, especially from unknown sources.
  • Ignore and block calls and messages that seem suspicious.
  • Educate others about such scams to help them stay alert.
  • Report any incidents to the official Cybercrime portal: https://cybercrime.gov.in

