He downloaded a photograph from WhatsApp. After a few minutes, Rs 2 lakh was gone.

Shikha Verma

Pradeep Jain, 28, got a call from an unidentified number early one morning. Shortly after, he received a message from the same number that included a picture of an old man and the inquiry, “Do you know this person?”

Jain initially disregarded it. However, after several calls, he finally gave in. He downloaded the picture at approximately 1:35 PM. Hackers were able to access his phone with just one click. He lost Rs 2.01 lakh from his bank account in a matter of minutes.

The funds were taken out of a Hyderabad ATM. The con artists were able to imitate Jain’s voice when Canara Bank called to confirm the transaction.

Least Significant Bit (LSB) steganography, which modifies the least significant bits of data units to conceal data within media files like audio or images, is used in this scam.

The word “steganography” comes from Greek and means “hidden writing.” In cybercrime, the technique is used to insert malware or secret instructions into media files that appear innocent. According to Neehar Pathare, MD of 63SATS, “these hidden payloads are triggered only by specific scripts and frequently evade traditional detection systems.”

“This is not a novel idea,” stated Tushar Sharma, a cyber specialist and co-founder of TOFEE (The Organization For Enlightenment and Education). In 2017, malicious executable code was inserted by hackers into GIF files that were shared on WhatsApp. The covert code bypassed security settings and gained access to the user’s data by running in the background while it was downloaded. Even though the vulnerability was fixed, this tactic reappeared in 2019 with improved techniques and wider targets.

How steganography scams differ from traditional malware attacks

Unlike overt phishing or malware tactics, such as bogus login sites or suspicious attachments, steganography hides code inside seemingly harmless files. Antivirus software usually ignores these image and audio files because they are not regarded as dangerous. Steganography can fool even advanced methods, such as AI-based image recognition, according to Pathare.

Because they appear trustworthy and are widely shared, file formats like .jpg, .png, .mp3, .mp4, and PDFs are routinely used for this.

How the attack works

“Most images use three bytes of data for colour – red, green, and blue. Malware is typically hidden in one of these or the fourth byte, called the alpha channel,” said Sharma. “When you open the infected image, the malware installs silently and gains access to your sensitive data.”

Pathare said, “The malicious code is then extracted using specific tools and executed, allowing it to slip past signature-based antivirus systems.”

Can this malware be detected?

“Detecting steganography requires forensic tools, steganalysis platforms, and behavioural analytics to spot anomalies in file structures or execution behaviour,” says Pathare. “Traditional antivirus tools are ineffective because they don’t scan for embedded content. AI and machine learning offer a better shot by detecting behavioural irregularities within files and improving early threat detection.”
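One basic steganalysis check of the kind referred to above, added here as an illustration (it is not code from the article or from anyone quoted in it): the chi-square "pairs of values" test, which flags decoded pixel bytes whose least significant bits look overwritten with random-looking data. The function names, the constructed sample bytes and the 2.0 threshold are assumptions made for this example.

```python
import random
from collections import Counter


def pov_ratio(samples: bytes, min_expected: float = 5.0) -> float:
    """Chi-square 'pairs of values' statistic divided by its degrees of freedom.

    Overwriting LSBs with random-looking bits makes the counts of each value
    pair (2k, 2k+1) nearly equal, which drives this ratio towards 1.
    Untouched data with an uneven histogram scores much higher.
    """
    hist = Counter(samples)
    chi2, dof = 0.0, 0
    for even in range(0, 256, 2):
        a, b = hist[even], hist[even + 1]
        expected = (a + b) / 2
        if expected < min_expected:      # too few samples in this pair to judge
            continue
        chi2 += ((a - expected) ** 2 + (b - expected) ** 2) / expected
        dof += 1
    if dof == 0:
        raise ValueError("not enough samples for the test")
    return chi2 / dof


def looks_lsb_overwritten(samples: bytes, threshold: float = 2.0) -> bool:
    """True when pair counts are suspiciously balanced (threshold is illustrative)."""
    return pov_ratio(samples) < threshold


def constructed_samples(seed: int = 1, n: int = 64 * 64 * 3):
    """Constructed stand-ins for decoded RGB bytes of a 64x64 image (not real files)."""
    rng = random.Random(seed)
    # "Clean" bytes: even values are about three times as common as odd ones.
    clean = bytes(2 * rng.randrange(128) + (rng.random() < 0.25) for _ in range(n))
    # Same bytes with every LSB replaced by a random bit, as dense embedding would do.
    altered = bytes((b & 0xFE) | rng.getrandbits(1) for b in clean)
    return clean, altered


if __name__ == "__main__":
    clean, altered = constructed_samples()
    for name, data in (("clean", clean), ("altered", altered)):
        print(f"{name}: ratio={pov_ratio(data):.2f} flagged={looks_lsb_overwritten(data)}")
```

A low ratio is a reason to examine a file further; a high ratio does not prove it clean, because the test only responds when LSBs have been overwritten across most of the sampled bytes.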

How can you protect yourself?

Tushar Sharma shares these key tips to stay safe:

Avoid unknown senders: Don’t open or download files from unknown numbers.

Keep your phone updated: Regular updates help patch vulnerabilities.

Disable auto-download: Prevent unknown media from saving automatically by tweaking WhatsApp settings.

Never share OTPs: Scammers often pretend to be known contacts.

Limit group additions: Set group permissions to ‘My Contacts’ to prevent being added to suspicious groups.

Silence unknown callers: Activate the ‘Silence Unknown Callers’ feature on WhatsApp to reduce spam and scam attempts.
