WhatsApp has evolved from a simple messaging app to a crucial tool for communication, work, and connection for millions. In India alone, it boasts over 500 million active users who have integrated it into their daily lives. However, while this platform connects people, cybercriminals are increasingly exploiting it as a weapon.
We've all heard about fraudulent calls, lottery scams, fake links, and phishing messages, but cybercriminals have devised a new and more dangerous tactic—cyberattacks using image files.
The Jabalpur Case Opens Eyes
A recent incident in Jabalpur, Madhya Pradesh, shocked everyone. A 28-year-old man downloaded a seemingly innocuous photo on WhatsApp, and within moments, approximately ₹200,000 vanished from his bank account. No phishing links were clicked, and no suspicious apps were installed. A single photo wiped out his hard-earned savings.
How Do Photo-Based Cyberattacks Work?
This fraud employs advanced technology known as 'Steganography'. This technique involves embedding hidden code within a photo, video, or audio file, undetectable to the naked eye. However, when you download or open the file, the embedded malware activates on your device.
This malware can steal information crucial for bank transactions and logins—saved passwords, OTPs, bank account details, mobile numbers, emails, and even everything typed on your keyboard.
How Does the Malware Operate?
This dangerous code hides within common file formats like JPEG, PNG, MP4, or MP3. When a user downloads such a file on WhatsApp, the malware silently installs itself on the phone. It then operates within the mobile, secretly transmitting data to hackers.
The most alarming aspect is that these files appear so ordinary that users rarely suspect anything. Unlike traditional phishing links, many mobile antiviruses fail to detect them.
WhatsApp's Efforts
Major platforms like WhatsApp are continuously working on cybersecurity. Features like end-to-end encryption, spam detection, and two-factor authentication (2FA) are being implemented. However, these measures are insufficient unless users remain vigilant.
How to Stay Safe
- Disable Auto-Download: Go to WhatsApp settings > Storage and Data > Media Auto-Download and set it to 'No' for all options. This prevents any photos, videos, or documents from downloading without your permission.
- Don't Open Files from Unknown Numbers: Never download or open photos or videos from unknown contacts, no matter how innocuous they may seem.
- Block and Report Unknown Numbers: If a number repeatedly sends suspicious files or messages, block it and report it to WhatsApp.
- Secure Group Settings: In WhatsApp settings > Privacy > Groups, select 'My Contacts' or 'My Contacts Except' to prevent strangers from adding you to suspicious groups.
- Never Share OTPs or Bank Details: Never share OTPs, UPI PINs, passwords, or bank details on WhatsApp—even if the message appears to be from someone you know. Verify with the person via a call first.
- Install a Robust Antivirus: Use a good, updated mobile antivirus to detect suspicious apps or files.
- Check WhatsApp Web Logins: Regularly check for unauthorized device logins on WhatsApp Web.
Future Cybercrimes Will Be Smarter
Cybercriminals are no longer limiting themselves to scam calls and fake lotteries. They are using high-tech techniques like steganography to infiltrate your digital life. Caution is the best defense.
WhatsApp, while connecting us, also presents a growing challenge to our digital security. Staying updated and alert is crucial. Unfamiliar files, photos, and videos can empty your account with a single click.
