New “LANDFALL” Android Malware Uses Samsung 0-Day Vulnerability Hidden in WhatsApp Images
gbhackers
Cybersecurity researchers at Unit 42 have uncovered a sophisticated Android spyware campaign that exploited a previously unknown zero-day vulnerability in Samsung Galaxy devices.
The malware, dubbed LANDFALL, leveraged a critical vulnerability in Samsung’s image processing library to deliver commercial-grade surveillance capabilities through maliciously crafted image files sent via WhatsApp.
The LANDFALL campaign exploited CVE-2025-21042, a zero-day vulnerability in Samsung’s Android image processing library that remained unpatched until April 2025.
Attackers embedded the spyware within malformed DNG (Digital Negative) image files, which were delivered to targets through WhatsApp messages.
The exploitation method closely resembles a similar attack chain discovered targeting Apple iOS devices in August 2025, highlighting a broader pattern of DNG image processing vulnerabilities being weaponized across mobile platforms.
Unit 42’s discovery came during their investigation of iOS exploit chains when they identified ...
Copyright of this story solely belongs to gbhackers . To see the full text click HERE