A dangerous cyber scam employing a new technique called Steganography has emerged across India, targeting users of social media platforms like WhatsApp and Telegram. The Department of Telecommunications (DoT), Government of India, has issued a warning about this threat, explaining that hackers are using Steganography to deliver malware disguised within seemingly innocuous media files.
What is this new cyber trap?
This scam operates deceptively. Scammers use social media and instant messaging apps such as WhatsApp, Telegram, Facebook Messenger, and Instagram to send users photos and videos under the guise of attractive offers, invitations, or gifts. Downloading these files installs malicious malware onto the user's smartphone. This malware secretly scans banking apps, UPI apps, and other financial data in the background.
Steganography: Hiding in Plain Sight
Steganography involves concealing malicious code within an image, audio file, or video. To the user, it appears as a normal media file; however, upon download, the virus activates, gradually giving the scammer control over the device.
How are bank accounts emptied?
Once scammers gain remote access to a phone, they use keyloggers to record passwords, OTPs, and banking login credentials. They then empty the account using UPI transactions, internet banking, and card details. The user only discovers the theft when their balance reaches zero.
How to avoid this digital fraud?
The Department of Telecommunications advises users to take the following precautions:
1. Disable automatic downloads: Immediately disable the automatic media download option in the settings of apps like WhatsApp and Telegram.
2. Do not open files from unknown numbers: Avoid downloading or clicking on videos, photos, or links received from unknown individuals.
3. Install anti-virus software: Maintain a reputable anti-virus program on your phone to detect and block such malware.
4. Keep your phone updated: Regularly update your operating system and apps to ensure security patches are active.
Government Appeal
The DoT has issued a public alert on its X (formerly Twitter) handle, emphasizing the need for increased digital awareness and caution in online behavior. Cybercriminals are becoming increasingly sophisticated, making vigilance the best defense.
