This scam uses a trick called steganography, where harmful code is hidden inside regular photos. Once the image is downloaded, the malware secretly enters the phone and gives scammers full access.
They can steal bank credentials, read UPI PINs, and even bypass OTPs without the victim noticing.
In many cases, victims received calls shortly after getting the image. These calls urged them to check the photo and were sometimes followed by AI-generated voices that mimicked family members, making the scam more convincing.
The worst part is that the malware doesn't require any additional clicks or permissions. Just downloading the photo is enough to activate it. As a result, by the time people realise something is wrong, their money is already gone.
Authorities, including the Department of Telecom and Greater Chennai Police, have warned the public to be careful. They have advised users to disable auto-download for media on WhatsApp, keep their apps and phone systems updated, and activate two-step verification to protect both messaging and banking apps.
Experts also stress the importance of not trusting media or messages from unknown contacts and never sharing OTPs, even with people you know.
RBI's ATM Rule Shocker: Goodbye to 500 Notes?
This new scam shows how quickly cybercriminals are adapting. Staying cautious, especially with unknown messages and images, is now more important than ever to keep your money safe.