Muscat: Cybersecurity expert Seifallah Jedidi from Kaspersky warns that WhatsApp is now a prime target for hackers looking to hijack conversations, steal identities, and drain wallets—often without users realizing until it’s too late.

So, how are they breaking in?

Cybercrooks are using two main tricks. The first? They exploit WhatsApp’s “Linked Devices” feature, silently logging into your account on another device. You continue chatting as usual, while someone else reads everything in the background. Creepy? Very.

The second is even sneakier—they re-register your account on their phone. You get booted out, and they’re in control. Your chats, contacts, and even work info could now be in the wrong hands.

Messengers are our digital diaries, emphasized Jedidi, as they hold conversations with family, confidential work notes, and private memories. Losing access means losing trust.

But the tricks don’t stop there.

Enter steganography—the art of hiding malicious code inside innocent-looking files. Think of it as malware in disguise. One such scam struck 28-year-old Pradeep Jain, who received a photo from an unknown number with the message: “Do you know this person?” Moments after downloading the image, ₹2.01 lakh vanished from his account. The scammer even mimicked his voice to fool the bank.

This type of attack, known as Least Significant Bit (LSB) steganography, embeds code in images (like .jpg or .png), which gets executed once opened. The malware hides in the fine print—literally.

What makes this technique so dangerous is its invisibility. Unlike phishing links or suspicious apps, a seemingly harmless image can fool even advanced antivirus tools. Traditional security systems rarely scan for hidden content, revealed Neehar Pathare, MD of 63SATS as he said that these files pass under the radar, activated by specific triggers.

So, what can you do to stay safe?

• Enable two-step verification on WhatsApp and set a strong PIN.
• Avoid downloading media from unknown numbers, no matter how curious the message.
• Disable auto-download in your WhatsApp settings to stop rogue files from saving silently.
• Update your phone regularly to patch vulnerabilities.
• Be cautious with group invites, and set permissions to “My Contacts.”
• Silence unknown callers using WhatsApp’s built-in feature.
• Use passkeys if available, for biometric-based security.

And most importantly: Never share OTPs, even with people who seem familiar.

As the digital landscape evolves, so do the scams. The message is clear: don’t trust every message. Your next download could be more than just a picture—it could be a backdoor into your life.

Stay alert. Stay private. Stay one step ahead.