In Jabalpur, a man recently lost ₹2 lakh after downloading what appeared to be a harmless image sent over WhatsApp. The message asked if he recognised the person in the blurry photo—phrased as a request for help, playing on basic human empathy. What followed was a textbook case of modern cyber fraud.
This new scam, dubbed the Photo Claim Scam, doesn’t rely on suspicious links or fake calls. Instead, it uses image files as weapons. Fraudsters embed malicious code into these images using a method called steganography. The moment the image is downloaded, the malware is activated—quietly compromising the victim’s device without any visible sign.
The Jabalpur victim, like most, assumed the image was genuine. But embedded within that image was an APK file, disguised as a regular photo. Once installed, the file granted full access to the phone’s sensitive data: SMS inbox, UPI apps, banking credentials, and more. Within minutes, money began to disappear. Before he could take action, ₹2 lakh had already been withdrawn.
Experts say this kind of malware is designed to exploit system permissions. Once inside the device, it reads banking messages, intercepts OTPs, and even executes transactions remotely. In some cases, the fraudsters follow up with a phone call, encouraging the target to check the photo—sealing the trap.
While link-based scams and phishing attacks are familiar territory, this shift to image-based malware marks a more insidious evolution. Similar tactics were used in previous fraud campaigns, including one that circulated APKs disguised as wedding invitations. Now, the same playbook is being repurposed with photo-based deception.
Authorities and cybercrime experts urge users to take several precautionary steps. First, avoid downloading any images or files sent by unknown contacts—regardless of how harmless or emotional the message may seem. Second, disable automatic media downloads on messaging apps like WhatsApp. Third, never install APK files from outside trusted app stores, even if shared by someone you know. And finally, ensure your device is regularly updated with the latest security patches, and protected by a reputable antivirus application.
