Maharashtra Man Loses ₹2 Lakh After Downloading Image on WhatsApp: A New Age Cyber Trap

Maharashtra | April 21, 2025 — In a haunting reminder of the evolving nature of cyber threats, a 28-year-old Maharashtra man was victimized by a high-tech scam after downloading an innocent-looking picture he received on WhatsApp from an unknown number. The experience resulted in more than ₹2 lakh being stolen from his bank account and has sent shivers down the spines of cybersecurity professionals all over the nation.

Victim Pradeep Jain was called in the early hours of the morning on an unknown number, followed by a WhatsApp message with a photo of an old man and a query: “Do you know this person?” Initially dismissing it as a spam message, Jain did not open the message—but continuous calls from the same number pushed him to open the message at 1:35 PM.

A minute after downloading the picture, Jain’s phone was quietly hacked. In a matter of minutes, a sum of ₹2.01 lakh was siphoned off from his Canara Bank account using an ATM in Hyderabad—hundreds of kilometres away from where he actually was.

What appeared to be an innocent picture proved to be a digital weapon designed using steganography, a sophisticated hacking method of concealing evil code within regular media files like images, audio files, or PDFs. The attackers implemented a technique named Least Significant Bit (LSB) steganography, concealing malware inside the picture without raising any alarm from antivirus.

“Malware only gets triggered when the file is opened, enabling hackers to gain access to personal information, banking credentials, and so on,” said Neehar Pathare, Managing Director at cybersecurity company 63SATS. He further said that these threats are hard to identify and need sophisticated forensic tools to analyze.

To add insult to injury, when the bank tried to authenticate the transaction, the scammers allegedly impersonated Jain’s voice on the call—a step that indicates the utilization of deepfake voice or voice cloning technology, making the nature of the attack even more complicated.

Tushar Sharma, founder of cybersecurity firm TOFEE, explained the technicalities: “Image files keep data in colour channels—red, green, and blue—and even in the alpha channel which deals with transparency. Malware can be injected into any of them. After opening, it installs silently and begins gathering sensitive data.”

The hackers used common file formats like .jpg, .png, .mp3, .mp4, and PDF, which are frequently exchanged on platforms like WhatsApp, making these types of attacks even harder to detect. Unlike traditional scams involving phishing links or fake websites, steganography-based attacks are subtle, silent, and effective.

Cybersecurity professionals are urging users to adopt basic safety measures:

• Disable auto-download of media on messaging apps

• Avoid opening files from unknown numbers

• Keep software updated with the latest security patches

• Never share OTPs or sensitive information over calls or texts

• Use features like “Silence Unknown Callers” on WhatsApp

• Limit who can add you to groups

The company replied that it is conscious of such changing threats and keeps enhancing its safety measures. “We encourage users to be careful, report suspicious accounts, and refrain from downloading content or clicking on links from unfamiliar contacts,” said the release.

This case serves as a harsh reminder that even just one tap on what appears to be an innocuous image can unlock the gates to ruinous financial and personal loss. As online thieves get smarter, online vigilance is not only advisable—it’s crucial.