Discover How a Samsung Mobile Vulnerability Led to the Deployment of LANDFALL Android Spyware

Admin

A recently patched security flaw in Samsung Galaxy devices was exploited as a zero-day to deliver spyware known as **LANDFALL** in targeted attacks in the Middle East. The vulnerability is tracked as CVE-2025-21042 and has a CVSS score of 8.8. According to Palo Alto Networks’ Unit 42, the flaw allowed remote attackers to execute arbitrary code. Samsung addressed this issue in April 2025 after discovering it had been actively exploited.

Unit 42 indicated that the attacks, tracked as CL-UNK-1054, potentially targeted individuals in Iraq, Iran, Turkey, and Morocco. This raises concerns about mobile security in high-risk regions. Samsung also reported a second flaw in the same library (CVE-2025-21043), which had not been linked to the LANDFALL campaign but had a similar severity score.

These attacks likely involved sending malicious images through WhatsApp, specifically in DNG (Digital Negative) format. Evidence suggests that LANDFALL has been in play since at least July 23, 2024. The malware is designed to act as a sophisticated spy tool, gathering sensitive information like location data, photos, contacts, and call logs. Its zero-click exploit method means users don’t need to interact for it to work, making it particularly dangerous.

In a related issue, a flaw in WhatsApp affecting iOS and macOS was also discovered, potentially affecting fewer than 200 users. Apple and WhatsApp have since patched their vulnerabilities. Recent statistics show that mobile spyware incidents are on the rise, emphasizing the importance of robust mobile security. A study indicated that over 50% of cybersecurity threats now target mobile devices, illustrating a shift from traditional desktop attacks.

Analysis showed that the malware operates by extracting files from a ZIP archive embedded within the DNG images. This allows LANDFALL to gain elevated permissions on devices, facilitating its operation and persistence. The malware communicates with a command-and-control server over HTTPS, indicating advanced tactics to maintain control over infected devices.
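A defender-side check for the embedding described above, added here as an illustration and not taken from Unit 42's analysis or the original article: it flags TIFF/DNG files that carry a ZIP archive and lists the archive's members. It assumes a standard ZIP with an end-of-central-directory record somewhere in the file; the function names and the `payload.bin` sample entry are constructed for the example.

```python
import io
import struct
import zipfile

TIFF_MAGICS = (b"II*\x00", b"MM\x00*")  # DNG is a TIFF-based container
EOCD_SIG = b"PK\x05\x06"                # ZIP end-of-central-directory record
EOCD_LEN = 22                           # fixed part of that record

def embedded_zip_members(data: bytes) -> list[str]:
    """Return member names of any ZIP archive carried inside a TIFF/DNG file."""
    if data[:4] not in TIFF_MAGICS:
        return []
    names, pos = [], data.find(EOCD_SIG)
    while pos != -1:
        rec = data[pos:pos + EOCD_LEN]
        if len(rec) == EOCD_LEN:
            # Central directory size and offset are relative to the archive
            # start, so they locate where the ZIP begins inside the image.
            *_, cd_size, cd_offset, comment_len = struct.unpack("<4s4H2LH", rec)
            base = pos - cd_size - cd_offset
            if base >= 0:
                blob = data[base:pos + EOCD_LEN + comment_len]
                try:
                    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
                        names.extend(zf.namelist())
                except (zipfile.BadZipFile, ValueError):
                    pass  # signature bytes occurred by chance in image data
        pos = data.find(EOCD_SIG, pos + 1)
    return names

def build_sample(with_zip: bool) -> bytes:
    """Constructed input: stub TIFF header and filler, optionally a benign ZIP."""
    image = b"II*\x00\x08\x00\x00\x00" + b"\x00" * 64
    if not with_zip:
        return image
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("payload.bin", b"constructed sample data")
    return image + buf.getvalue() + b"\x00" * 16  # trailing bytes after the ZIP

if __name__ == "__main__":
    print(embedded_zip_members(build_sample(True)))   # image with archive
    print(embedded_zip_members(build_sample(False)))  # plain image
```

A non-empty result on a file received as an image is a triage signal for further analysis, not proof of compromise.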

At this time, it’s unclear who is behind LANDFALL. However, experts are watching closely, noting that its infrastructure shares similarities with known groups like Stealth Falcon, although no direct links have been confirmed. Unit 42 emphasizes the complexity of modern exploits, highlighting how some can remain undetected and grow more sophisticated over time.

As mobile security threats continue to evolve, users should remain vigilant. Understanding the importance of software updates and employing secure practices can help mitigate risks. For ongoing information, you can refer to reports from trusted sources like the [Cybersecurity & Infrastructure Security Agency (CISA)](https://www.cisa.gov/) for the latest on mobile security and threats.


