Landfall spyware used in 0-day attacks on Samsung phones
"A previously unknown Android spyware family called LANDFALL exploited a zero-day in Samsung Galaxy devices for nearly a year, installing surveillance code capable of recording calls, tracking locations, and harvesting photos and logs before Samsung finally patched it in April. The surveillance campaign likely began in July 2024 and abused CVE-2025-21042, a critical bug in Samsung's image-processing library that affects Galaxy devices running Android versions 13, 14, 15, and 16,"
"According to the cyber sleuths, exploiting CVE-2025-21042 likely involved sending a maliciously crafted image to the victim's device via a messaging application in a "zero-click" attack, meaning that infecting targeted phones didn't require any user interaction. "It's not clear exactly how many people were targeted or exploited, but in a recent, related campaign, involving iOS and WhatsApp, WhatsApp shared that less than 200 were targeted in that campaign, so we can reasonably expect this could be a similar very targeted volume," Cohen said."
Beginning in July 2024, LANDFALL exploited CVE-2025-21042 in Samsung's image-processing library on Galaxy devices running Android 13–16. The attack used a maliciously crafted image delivered via messaging apps as a zero-click exploit to install modular surveillance code that recorded calls, tracked locations, and harvested photos and logs. Targeting focused on the Middle East with likely victims in Iraq, Iran, Turkey, and Morocco and a very limited victim count. Samsung released a patch in April, which terminated the active exploitation of the vulnerability.
Read at The Register