{"id":169585,"date":"2025-11-08T10:46:09","date_gmt":"2025-11-08T10:46:09","guid":{"rendered":"https:\/\/www.europesays.com\/ie\/169585\/"},"modified":"2025-11-08T10:46:09","modified_gmt":"2025-11-08T10:46:09","slug":"samsung-spyware-attack-critical-landfall-0-day-used-whatsapp-images","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/ie\/169585\/","title":{"rendered":"Samsung Spyware Attack \u2014 Critical LandFall 0-Day Used WhatsApp Images"},"content":{"rendered":"

\"Samsung<\/p>\n

LandFall spyware attacks targeted Samsung via WhatsApp.<\/p>\n

SOPA Images\/LightRocket via Getty Images<\/p>\n

It\u2019s not been the best week for smartphone users, what with news of yet another dangerous iPhone attack<\/a>, and warnings from Google about active Gmail scams<\/a>. But Samsung users are the subject of the latest headlines as security researchers reveal details of a hack attack that exploited a critical zero-day vulnerability to install spyware on smartphones, using WhatsApp images as the in. Thankfully, the vulnerability has been patched. But here\u2019s everything you need to know about LandFall. <\/p>\n

ForbesAll Smartphone Users Must Type This Code Now \u2014 Thank Me LaterBy Davey Winder<\/a>How LandFall Hackers Exploited CVE-2025-21042 To Install Spyware On Samsung Phones<\/p>\n

Security researchers from Palo Alto Networks Unit 42 team have published an in-depth analysis<\/a> of a zero-day vulnerability within the Samsung Android image processing library. CVE-2025-21042 is just part of a spyware family, the researchers said, which has been named LandFall. \u201cThis vulnerability was actively exploited in the wild before Samsung patched it in April 2025,\u201d the report confirmed, with attacks observed in the wild. The commercial-grade spyware used with Landfall, alongside the exploit used, had not been publicly reported or analyzed. Until now.<\/p>\n

The LandFall exploit was distributed by being embedded in malicious image files using the DNG format, and sent by way of WhatsApp messages, according to the report. However, Unit 42 pointed out that the \u201cresearch did not identify any unknown vulnerabilities in WhatsApp.\u201d I have approached Meta for a statement.<\/p>\n

Known to have been operating since at least as far back as July 2024, LandFall was using the critical CVE-2025-21042 zero-day vulnerability for months before it was eventually patched in April 2025. I have approached Samsung for a statement, but it\u2019s important to note that there is no risk to current users because of that update. In September, \u201cSamsung also patched another zero-day vulnerability in the same image processing library,\u201d Unit 42 said, \u201cfurther protecting against this type of attack.\u201d<\/p>\n

ForbesRestart Google Chrome 142 Now, High-Rated Security Issues ConfirmedBy Davey Winder<\/a><\/p>\n

Which is good to know, as LandFall is a full-on commercial-grade spyware attack that enabled what the report referred to as comprehensive surveillance. This included the use of the smartphone microphone, location-tracking functionality, contacts, call logs, and photos. <\/p>\n

The bad news is that, as Unit 42 said, the use of malformed DNG files \u201chighlights a significant, recurring attack vector: the targeting of vulnerabilities within DNG image processing libraries.\u201d CVE-2025-21042 was not the first and is unlikely to be the last vulnerability that can be exploited by LandFall or similar spyware exploits. The advice, therefore, is to remain vigilant, whether a Samsung user or not, and keep your devices updated, and avoid opening random WhatsApp messages. You might also want to consider using Android\u2019s advanced protection mode<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"LandFall spyware attacks targeted Samsung via WhatsApp. SOPA Images\/LightRocket via Getty Images It\u2019s not been the best week…\n","protected":false},"author":2,"featured_media":169586,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[74],"tags":[821,97095,18,19,17,97090,97092,97093,42048,82,97091,4635,97094],"class_list":{"0":"post-169585","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"tag-android","9":"tag-cve-2025-21042","10":"tag-eire","11":"tag-ie","12":"tag-ireland","13":"tag-landfall","14":"tag-samsung-smartphone","15":"tag-smasung-galaxy","16":"tag-spyware","17":"tag-technology","18":"tag-unit-42","19":"tag-whatsapp","20":"tag-zero-day-attack"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@ie\/115513680726045645","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/posts\/169585","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/comments?post=169585"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/posts\/169585\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/media\/169586"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/media?parent=169585"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/categories?post=169585"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/tags?post=169585"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}