Cybersecurity agencies and police have warned users about malware hidden inside JPEG image files and fake wedding invitation scams on WhatsApp. Officials said cybercriminals are using malicious APK files and infected images to steal banking information, passwords and personal data from unsuspecting victims.
Published Date – 14 May 2026, 03:52 PM
Hyderabad: Cyber hackers are using a new tactic to spread malware through JPEG image files, a format commonly used for sharing photos across phones, computers and social media platforms.
According to cybersecurity agencies, cybercriminals are embedding malicious code inside specially crafted image files and circulating them through email attachments, messaging applications, suspicious websites and cloud-sharing links.
Officials warned that opening such files, and in some cases even previewing them, may trigger hidden malware, allowing attackers to access the device, steal data or install harmful software.
The Ministry of Home Affairs recently issued an alert highlighting that the threat can affect a wide range of operating systems, including Windows, macOS, Linux and Android, depending on vulnerabilities in image viewers, browsers or apps used to open the file.
“Since JPEG is widely considered a safe and trusted file format, attackers are using it to bypass user suspicion and certain security filters,” the alert said.
Cyber experts said these attacks may be used for phishing operations, identity theft, unauthorised surveillance or financial fraud. Infected files can compromise passwords, personal documents, banking information and even corporate data if opened on official devices.
Police authorities have advised installing trusted antivirus protection and being cautious while previewing attachments from unverified sources.
In case of suspected compromise, users have been asked to immediately disconnect the affected device from the internet, run a complete security scan and change passwords for important accounts.
Fraudsters exploiting wedding season:
Hyderabad: Cybercriminals are exploiting the wedding season with a new scam, sending fake digital wedding invitations to unsuspecting users through WhatsApp.
Along with the invitation, fraudsters are attaching APK files disguised as wedding cards, prompting recipients to download them. As soon as the APK file is installed, the attackers allegedly gain access to the phone and siphon off money from bank accounts.
Police have warned citizens not to open or download wedding invitations, APK files or suspicious attachments received from unknown contacts.
Officials said such files can install malicious software and give cybercriminals remote access to personal devices and banking information.
People can report cybercrime to authorities through the National Cyber Crime Reporting Portal or by calling the national helpline 1930.
