WhatsApp Image Scam: Man Loses ₹2 Lakh Just by Downloading a Photo

A 28-year-old man from Maharashtra fell victim to a stealthy and advanced cyberattack after downloading a seemingly innocent image on WhatsApp. The scam, which didn't involve any suspicious links or OTPs, highlights a disturbing new threat vector that exploits hidden malware embedded in image files.

A Deep Dive into the Attack:

  • The victim received a WhatsApp message with a photo and a question: “Do you know this person?” followed by persistent calls.
  • After downloading the image, hackers gained full access to his device within minutes.
  • Over ₹2.01 lakh was stolen from his Canara Bank account via ATM transactions in Hyderabad.
  • The fraudsters used advanced voice-mimicking technology to pass the bank's verification call.
  • The technique behind the scam: LSB steganography, which hides malicious code inside image files without raising suspicion.
  • This malware bypasses antivirus detection and gains access to sensitive data like banking credentials, OTPs, and UPI info.
  • It can evade even AI-powered security tools by blending into ordinary media content.

How to Protect Yourself:

  • Avoid downloading media from unknown WhatsApp numbers.
  • Disable auto-download of media in WhatsApp settings.
  • Keep your phone's OS and apps updated with the latest security patches.
  • Activate "Silence Unknown Callers" on WhatsApp.
  • Restrict group invites to "My Contacts" to avoid being added to suspicious groups.
  • Never share OTPs, even with known contacts.

This incident is a chilling reminder that cybercriminals are evolving their methods, using everyday platforms and innocent-looking files to target unsuspecting users. Stay alert, educate those around you, and let your first line of defense be caution—because one image could cost you everything.