Redazione RHC : 9 November 2025 09:19 Researchers at Palo Alto Networks Unit 42 have discovered a new, previously unknown family of Android spyware called LANDFALL . To spread it, malicious actors exploited a zero-day vulnerability (CVE-2025-21042) in the Android image processing library built into Samsung devices. This flaw is not an isolated case, but rather part of a recurring pattern of similar vulnerabilities found in various mobile platforms. CVE-2025-21042 was actively exploited in real-world (in-the-wild) attacks before its fix, released by Samsung in April 2025 , following initial reports of compromise. However, neither the exploit nor the associated commercial spyware had previously been analyzed or publicly documented . LANDFALL was distributed via malicious image files in DNG format , presumably sent via WhatsApp . The technique used closely resembles an exploit chain that involved Apple and WhatsApp in August 2025 , as well as a second campaign observed in September, linked to the CVE-2025-21043 vulnerability. It is important to note that no previously unknown vulnerabilities in WhatsApp were identified during the investigation. A crucial aspect is that the LANDFALL campaign was active as early as mid-2024 , months before the other vulnerabilities were publicly disclosed . The spyware exploited the Android/Samsung
Read More












