After downloading a photograph sent to him on WhatsApp from an unidentified number, a 28-year-old man from Maharashtra lost more than Rs 2 lakh. The picture, which appeared to show an old man, was actually a trap built with steganography, a very sophisticated hacking method.
 
This is what took place.
 
An unknown number called the victim, Pradeep Jain, in the early hours of the morning. The same number then sent him a WhatsApp message with the picture and the query, "Do you know this person?" He dismissed the message at first, but after getting repeated calls, he gave in.


He downloaded the photograph at approximately 1:35 PM without realizing that this one move might jeopardize his device. Within minutes, Rs 2.01 lakh was taken out of his Canara Bank account. An ATM in Hyderabad was used to complete the transaction. More astonishing still, the scammers were able to imitate Jain's voice over the phone when the bank tried to confirm the transaction.

Later, experts verified that Least Significant Bit (LSB) steganography was used to carry out the deception. The technique entails concealing malicious code within common media files, including PDF documents, audio snippets, and photos. Steganography makes the file appear normal, in contrast to common viruses that cause alerts or are detected by antivirus software. The malware stays hidden and becomes active only after the file is opened.

"Steganography manipulates the smallest bits of data inside the file to carry out malicious instructions," Neehar Pathare, 63SATS's managing director, told The Indian Express. Only sophisticated forensic techniques can be used to track down these secret payloads, which evade detection systems. He claims that this makes it challenging for users and standard security software to identify the problem.

TOFEE co-founder and cyber specialist Tushar Sharma has described how this occurs.  According to Sharma, images typically use three channels—red, green, and blue—to record color information.  Any of these, or even the alpha channel that controls transparency, can conceal malware.  Opening such an infected image allows the code to covertly install itself and obtain private data, including private communications and banking credentials.  Pathare noted that certain utilities retrieve the hidden instructions from the file after it is opened and run them without causing any issues.  This enables hackers to conduct their operations covertly. 
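The forensic side of this can be shown with a pairs-of-values chi-square check on each colour channel, given here as an added example that is not from the article or the experts it quotes. The pixel data is constructed, and the `limit=2.0` threshold and function names are assumptions; real photographs need a baseline from known-clean images.

```python
import random
from collections import Counter

CHANNELS = ("R", "G", "B", "A")

def pair_ratio(values, min_count=5):
    """Pairs-of-values chi-square statistic divided by its degrees of freedom.

    LSB replacement with random-looking bits evens out the counts of each
    value pair (2k, 2k+1), which pulls this ratio towards 1.
    """
    hist = Counter(values)
    stat, dof = 0.0, 0
    for even in range(0, 256, 2):
        h0, h1 = hist[even], hist[even + 1]
        if h0 + h1 < min_count:      # too few samples to judge this pair
            continue
        stat += (h0 - h1) ** 2 / (h0 + h1)
        dof += 1
    return stat / dof if dof else float("inf")

def flag_channels(pixels, limit=2.0):
    """Return names of channels whose value pairs look artificially balanced."""
    flagged = []
    for idx, name in enumerate(CHANNELS):
        if pair_ratio([p[idx] for p in pixels]) < limit:
            flagged.append(name)
    return flagged

def constructed_samples(n=20000, seed=7):
    """Constructed test data: a posterised RGBA image and a copy whose
    blue-channel LSBs were overwritten with random bits."""
    rng = random.Random(seed)
    clean = [tuple(4 * rng.randrange(64) for _ in CHANNELS) for _ in range(n)]
    suspect = [(r, g, (b & ~1) | rng.getrandbits(1), a) for r, g, b, a in clean]
    return clean, suspect

if __name__ == "__main__":
    clean, suspect = constructed_samples()
    print("clean image  :", flag_channels(clean))
    print("suspect image:", flag_channels(suspect))
```

The check only reports that a channel's low bits look statistically overwritten; it says nothing about what was hidden, and small or scattered payloads can fall below the threshold.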

File formats like .jpg, .png, .mp3, .mp4, and PDF are frequently used for these kinds of attacks. They often go unnoticed because they appear innocent and are commonly shared on apps like WhatsApp. The fact that these frauds don't use blatant tactics like phishing links or phony login pages makes them even more risky. Rather, the dangerous code remains covertly concealed within files that the majority of users believe to be secure.
 
To avoid becoming victims of such attacks, cybersecurity experts strongly advise users to take a few simple precautions. These include avoiding downloads from unknown numbers, disabling WhatsApp's auto-download capabilities, updating phones with the most recent security patches, and never sharing one-time passwords. In order to prevent exposure to potential fraud attempts, users are also encouraged to activate settings like "Silence Unknown Callers" and limit who can add them to WhatsApp groups.
 
According to a WhatsApp representative, the app has developed measures to help users stay safe because it is aware of these constantly changing scams. They advised people to use tools like context cards to determine the authenticity of new senders and to exercise caution, particularly when interacting with contacts they are unfamiliar with. Additionally, they advised never downloading media or accessing links from unconfirmed sources, and blocking and reporting suspicious accounts right away.
