A security flaw in Samsung Galaxy devices was exploited as a zero-day to deliver the espionage tool LANDFALL, targeting Middle Eastern users. The campaign involved malicious WhatsApp images and exploited two unpatched vulnerabilities, revealing advanced command-and-control techniques. #CVE-2025-21042 #LANDFALL #StealthFalcon
Key points
- A zero-day vulnerability (CVE-2025-21042) in Samsung devices was exploited before being patched in April 2025.
- The LANDFALL spyware can harvest sensitive data, including calls, messages, photos, and location information.
- The attack used malicious DNG images sent via WhatsApp, exploiting a zero-click chain of vulnerabilities.
- Exploits involved embedded ZIP archives containing shared object files to escalate permissions and maintain persistence.
- The threat actor behind LANDFALL remains unknown, but infrastructure shows similarities to Stealth Falcon operations.
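A triage check for the delivery pattern in the key points above (a DNG image carrying an embedded ZIP archive with shared object files), written as an added example that is not code from the original report. It is a file-structure heuristic for suspect samples, not a test for CVE-2025-21042 itself. The function names and the sample input are constructed for illustration, and the sketch assumes the archive can be located through its ZIP end-of-central-directory record.

```python
import io
import struct
import zipfile
import zlib

TIFF_MAGICS = (b"II*\x00", b"MM\x00*")   # DNG is a TIFF-based container
EOCD_SIG = b"PK\x05\x06"                  # ZIP end-of-central-directory record
ELF_MAGIC = b"\x7fELF"                    # header of a shared object (.so)

def embedded_shared_objects(data: bytes) -> list:
    """Return names of ELF members in a ZIP archive carried inside a TIFF/DNG image."""
    if data[:4] not in TIFF_MAGICS:
        return []                          # not a TIFF/DNG file: out of scope here
    eocd = data.rfind(EOCD_SIG)
    if eocd == -1 or eocd + 22 > len(data):
        return []                          # no complete ZIP trailer in the image
    # Trim bytes after the ZIP (the EOCD is 22 bytes plus an optional comment).
    (comment_len,) = struct.unpack_from("<H", data, eocd + 20)
    blob = data[: eocd + 22 + comment_len]
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                with zf.open(info) as member:
                    if member.read(4) == ELF_MAGIC:   # read the header only
                        hits.append(info.filename)
    except (zipfile.BadZipFile, NotImplementedError, RuntimeError, zlib.error):
        pass                               # chance signature match or unreadable ZIP
    return hits

def build_constructed_sample() -> bytes:
    """Constructed input: a stub TIFF header followed by a small ZIP archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("lib_constructed.so", ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 64)
        zf.writestr("readme_constructed.txt", "not an ELF file")
    tiff_stub = b"II*\x00\x08\x00\x00\x00" + b"\x00" * 32
    return tiff_stub + buf.getvalue()

if __name__ == "__main__":
    print(embedded_shared_objects(build_constructed_sample()))
```

A non-empty result means the image contains ELF payloads and should be escalated for analysis; an empty result does not clear the file.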
Read More: https://thehackernews.com/2025/11/samsung-zero-click-flaw-exploited-to.html