No links, no OTPs - Just opening an image is enough for malware to hack your phone
In this case, the victim initially ignored the message but gave in after receiving multiple calls from the same number. Once he opened the image, his phone was silently hacked. Cybercriminals used the opportunity to steal sensitive bank information and swiftly drained his account.
Unlike traditional phishing scams that rely on suspicious links or OTPs, this one uses a technique called steganography — where malware is embedded within image files. Once the image is opened or downloaded, the malware activates silently, granting hackers access to the victim's phone, apps, IDs, passwords, OTPs, and bank account details.
This method is especially dangerous because:
- There’s no OTP prompt or link click involved.
- The user only needs to open an image to fall victim.
- It leaves little trace, making the scam hard to track.
Once installed, the malicious software can:
- Steal personal and financial data.
- Give hackers remote access to the device.
- Enable fraudulent transactions.
- Trigger scam calls to further the attack.
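For analysts triaging a suspicious image file, here is an added example (not from the article or any advisory it cites) that walks the PNG chunk list or JPEG segment list and counts the bytes left after the format's end marker. It assumes the hidden data was appended after the end of the image, which is only one common concealment method; the article does not say how the image in this case was built, and data hidden inside the pixel values would not be found this way. The sample files and all function names are constructed for the demonstration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
IN_SCAN = {0x00, *range(0xD0, 0xD8)}  # stuffed byte and RST0-7: not segment starts

def png_trailing(data: bytes) -> int:
    """Walk PNG chunks; return how many bytes follow the IEND chunk."""
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length  # length + type + payload + CRC
        if ctype == b"IEND" and end <= len(data):
            return len(data) - end
        pos = end
    raise ValueError("PNG has no complete IEND chunk")

def jpeg_trailing(data: bytes) -> int:
    """Walk JPEG segments; return how many bytes follow the EOI marker."""
    pos = 2  # skip SOI (FF D8)
    while pos + 2 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xD9:  # EOI: anything after this is not image data
            return len(data) - (pos + 2)
        if pos + 4 > len(data):
            break
        pos += 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if marker == 0xDA:  # SOS: skip entropy-coded scan data to the next marker
            while pos + 1 < len(data) and not (data[pos] == 0xFF and data[pos + 1] not in IN_SCAN):
                pos += 1
    raise ValueError("JPEG has no EOI marker")

def trailing_bytes(data: bytes) -> int:
    if data.startswith(PNG_SIG):
        return png_trailing(data)
    if data.startswith(b"\xff\xd8"):
        return jpeg_trailing(data)
    raise ValueError("unsupported format")

# Constructed structural skeletons (not decodable pictures) for the demo.
def chunk(ctype: bytes, body: bytes = b"") -> bytes:
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

SAMPLE_PNG = PNG_SIG + chunk(b"IHDR", bytes(13)) + chunk(b"IDAT", b"\x00") + chunk(b"IEND")
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x04JF\xff\xda\x00\x02\x12\xff\x00\x34\xff\xd9"
APPENDED = b"PK\x03\x04constructed-extra-data"  # constructed stand-in for appended content

if __name__ == "__main__":
    for name, img in (("png", SAMPLE_PNG), ("jpeg", SAMPLE_JPEG)):
        print(name, trailing_bytes(img), trailing_bytes(img + APPENDED))
```

A non-zero count is a reason to look closer, not proof of malware: some cameras and editors also leave data after the end marker.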
- Don’t open files from unknown numbers: Even if the message seems harmless, ignore and block unknown senders.
- Turn off media auto-download in WhatsApp settings to prevent automatic saving of harmful files.
- Keep your phone’s OS and apps updated to ensure the latest security patches are in place.
- Use trusted antivirus software to detect and block malware.
- Avoid engaging with suspicious calls or image requests, especially if someone asks you to identify someone from a photo.
- Spread awareness: Inform friends and family so they don’t fall prey to this tactic.
Authorities, including Kerala Police, have also issued public advisories warning users to avoid opening or downloading any media from unknown contacts on WhatsApp or SMS.
As scams become more advanced, staying alert and cautious is the best defense. Don’t trust unknown messages — even something as simple as a photo can be a trap.