iTnews
Security researchers at Palo Alto Networks' Unit 42 division have documented a previously unknown Android commercial spyware that exploited a zero-day vulnerability in Samsung devices throughout 2024 and early 2025.
The LANDFALL malware used a critical flaw in Samsung's image processing library to surveil targeted users in the Middle East, through malicious code hidden in Digital Negative (DNG) format files.
Unit 42 said the DNG image files appear to have been sent via WhatsApp between July 2024 and February 2025, judging by samples found in Google's VirusTotal malware scanning site.
This suggests at least seven months of active exploitation before Samsung patched the vulnerability in April 2025, following disclosure to the company in September 2024, Unit 42 said .
LANDFALL exploit
Atlanta Black Star Entertainment
Raw Story