Palo Alto Networks Unit 42 has uncovered “LANDFALL,” a sophisticated Android spyware campaign that exploited a critical zero-day in Samsung’s image processing library (CVE-2025-21042). Attackers sent malicious image files via WhatsApp, which triggered code execution simply by being processed by the device, with no user interaction required (zero-click).
Business Impact
Although the vulnerability was patched in April, the discovery reveals a highly advanced, commercial-grade surveillance capability used against high-value targets. For executives and government officials using Android devices, this underscores the persistent risk of zero-click, targeted espionage that bypasses traditional mobile defenses.
Why It Happened
The vulnerability lay in a vendor-specific (Samsung) library for processing DNG images. Sophisticated actors actively hunt for such obscure flaws in OEM code to develop stealthy entry vectors that avoid scrutiny by the base Android OS.
Recommended Executive Action
Enforce a strict policy of immediate OS updates for all corporate mobile devices. For high-risk personnel, consider “Lockdown Mode” features (where available) or specialized secure communication devices that reduce the attack surface exposed by multimedia processing.
