One WhatsApp image. ₹2 Lakh gone! The scam no one saw coming

Apple defends controversial Liquid Glass update: “This is not a gimmick”
ChatGPT is now your toxic single friend, giving bad dating advice
Your Apple Watch is now a fitness coach — say hello to Workout Buddy
From iOS 18 to iOS 26: The naming twist explained
After laying off 6,000, Microsoft's CPO shares advice for coders
SpaceX’s Starship blew up again — that’s three fails in a row.
5G on Steroids: The Supercharged Power of 5.5G
Your favorite movie or show could be one VPN away
APIs Explained Quickly (You Use Them Every Day!)
Tech
Megha
11 APR 2025 | 13:31:58

In Jabalpur, a man recently lost ₹2 lakh after downloading what appeared to be a harmless image sent over WhatsApp. The message asked if he recognised the person in the blurry photo—phrased as a request for help, playing on basic human empathy. What followed was a textbook case of modern cyber fraud.

Fraudsters switch from links to image files

This new scam, dubbed the Photo Claim Scam, doesn’t rely on suspicious links or fake calls. Instead, it uses image files as weapons. Fraudsters embed malicious code into these images using a method called steganography. The moment the image is downloaded, the malware is activated—quietly compromising the victim’s device without any visible sign.

How the Jabalpur incident unfolded

The Jabalpur victim, like most, assumed the image was genuine. But embedded within that image was an APK file, disguised as a regular photo. Once installed, the file granted full access to the phone’s sensitive data: SMS inbox, UPI apps, banking credentials, and more. Within minutes, money began to disappear. Before he could take action, ₹2 lakh had already been withdrawn.

The mechanics behind the scam

Experts say this kind of malware is designed to exploit system permissions. Once inside the device, it reads banking messages, intercepts OTPs, and even executes transactions remotely. In some cases, the fraudsters follow up with a phone call, encouraging the target to check the photo—sealing the trap.

A new breed of cyber threat

While link-based scams and phishing attacks are familiar territory, this shift to image-based malware marks a more insidious evolution. Similar tactics were used in previous fraud campaigns, including one that circulated APKs disguised as wedding invitations. Now, the same playbook is being repurposed with photo-based deception.

What users should do to stay secure

Authorities and cybercrime experts urge users to take several precautionary steps. First, avoid downloading any images or files sent by unknown contacts—regardless of how harmless or emotional the message may seem. Second, disable automatic media downloads on messaging apps like WhatsApp. Third, never install APK files from outside trusted app stores, even if shared by someone you know. And finally, ensure your device is regularly updated with the latest security patches, and protected by a reputable antivirus application.

Logo
Download App
Play Store BadgeApp Store Badge
About UsContact UsTerms of UsePrivacy PolicyCopyright © Editorji Technologies Pvt. Ltd. 2025. All Rights Reserved