Rachakonda Police ask Citizens not to Open Files, Images sent by Unknown Persons
Invisible Threat to Money, Privacy Delivered Through Images
Hyderabad: Most people who see a picture of a cute puppy or a scenic location, or some beautiful roses or alluring beach photos can resist downloading it. In some cases, the simple act could leave the user’s mobile phone compromised. With every possible update from fraudsters, the Rachakonda police are cautioning about how the fraudsters are hiding malware in images — using a stealthy digital tactic called steganography.
One could find it surprising how steganography was during the ancient times. Long before hackers or smartphones existed, Greek ruler Histiaeus faced a tricky problem: he needed to send a secret message to his ally without getting caught by enemies. Guess what he did?
He shaved the head of his most trusted soldier, tattooed the message directly onto his scalp, and waited weeks for the hair to grow back. Once the hair covered the message, the slave was sent off, like a walking USB drive. At the destination, they simply shaved his head again and there it goes, voila! Message delivered, no emails needed. And now, the malware is all in one beautiful image where it is downloaded and boom, phone compromised.
S.V. Laxmi, DCP, Rachakonda Cybercrime, explained, “That single click silently hands over one’s phone’s access. The image’s algorithm is manipulated to carry harmful codes and content. Once compromised, they can access OTPs and banking apps and even allow fraudsters to remotely control the device, and while all this is happening, the user has no clue and if there are transactions, he will realise only after receiving the transaction messages.”
Cybersecurity expert Sultan Sheik explained the technical side. “Images are made up of thousands of tiny dots called pixels. Each pixel has three colours; red, green, and blue — and each of those colours is stored in an eight-bit number. When someone wants to hide a file like an APK, they convert it into binary 0s and 1s and slightly change the last bit of each pixel’s colour to match the file. These changes are so small that naked eyes can not notice a difference in the image, but the malware is hidden inside.”
Images are usually sent on messaging platforms and one will download without suspecting anything. While WhatsApp factually compresses images which leads to destroying the hidden content, criminals are cleverly sending files as documents where the steganographic code remains intact.
Sultan added “If a phone is already infected with a background malware, it can extract the hidden file and install it without even downloading it.”
However, advising to be cautious of this old technique regaining its existence again, cyber experts and police officials are urging the citizens to follow the advisory.
