A deceptive scheme is spreading across WhatsApp, posing significant risks to users. Individuals are getting messages that appear innocuous, typically from unidentified contacts lacking profile names, featuring just a single image paired with a query such as 'Does this look like you?' or 'Recognize this individual?'

The ploy is designed to prompt recipients to approve and view the enclosed photo. On WhatsApp, media downloads require manual permission, which is precisely the action cybercriminals seek to provoke.

Contrary to appearances, the attachment is not a genuine snapshot of the recipient or an acquaintance; instead, it has been altered to deploy malicious software, creating entry points for unauthorized access to phones, tablets, or computers. Once inside, attackers can extract sensitive information and leverage it for extortion purposes.

Perpetrators are taking advantage of a flaw in WhatsApp that allows the insertion of tampered photos or videos undetected by the platform. They target the image preview generation during downloads, where files are divided into components essential for message handling.

By embedding harmful code fragments into this breakdown procedure, fraudsters enable the malware to infiltrate the targeted devices. These operations occur invisibly, unfolding behind the scenes as the user attempts to access the file.

The consequences go well beyond satisfying curiosity: intruders might not only seize control of a user's WhatsApp profile but also capture and extract information stored on the device. It is essential to be careful about which contacts you trust within WhatsApp.

For unsolicited communications, scrutinize the sender's identity and intent thoroughly. Contacts from unrecognized phone numbers frequently represent fraud attempts, where perpetrators broadcast to broad audiences in anticipation of victims overlooking red flags. Blocking such senders is the recommended course.

Refrain from accessing photos or attachments unless their contents are fully verified, the source is entirely reliable, and there's no apparent pressure to engage with them.

For added protection, turn off automatic media downloads by going to Settings, then Storage and data, and in the Auto-download media section, remove the checks from all categories, regardless of your network connection.

Additionally, ensure WhatsApp receives the most recent software updates, which address identified security issues and minimize exploitation opportunities. The timeline for patching this specific weakness remains unclear.


This piece was initially published in our affiliate outlet PC-WELT and adapted from its German version.

Laura, a dedicated video game enthusiast and admirer of films and television, holds a degree in communication studies. She transitioned directly into roles at PCMagazin and Connect Living post-graduation. She covers computers and various tech subjects and has been a full-time contributor to PC-WELT in Germany since May 2024.