Samsung Spyware Attack: LandFall 0-Day Used WhatsApp Images
- Here's a breakdown of the key details from the provided text regarding the "LandFall" hack targeting Samsung phones:
- * What happened: A zero-day vulnerability (CVE-2025-21042) in the Samsung Android image processing library was exploited too install spyware on Samsung smartphones.
Here’s a breakdown of the key details from the provided text regarding the “LandFall” hack targeting Samsung phones:
* What happened: A zero-day vulnerability (CVE-2025-21042) in the Samsung Android image processing library was exploited too install spyware on Samsung smartphones.
* How it worked: Hackers sent malicious image files (in DNG format) via WhatsApp messages. Opening these images triggered the vulnerability adn installed the spyware.
* whatsapp’s role: WhatsApp itself wasn’t directly vulnerable. The attack used WhatsApp as a delivery method for the malicious files.
* Spyware name: The spyware family is called “LandFall.” It’s described as ”commercial-grade.”
* Patch: samsung patched the vulnerability in april 2025.
* Revelation: security researchers at Palo Alto Networks Unit 42 published an analysis of the attack.
* Timeline: The attacks were observed “in the wild” before the April 2025 patch, and the spyware has been operating as at least that time.
