Previously Unknown Spyware Used in 0-Day Attacks on Samsung Phones
Postedabout 2 months ago
unit42.paloaltonetworks.comTechstory
calmnegative
Debate
20/100
Android SecuritySpywareZero-Day Exploits
Key topics
Android Security
Spyware
Zero-Day Exploits
A new commercial-grade Android spyware called LANDFALL was used in 0-day attacks on Samsung phones, exploiting a now-patched vulnerability through WhatsApp-sent DNG images, highlighting the ongoing threat of image parsing vulnerabilities.
Snapshot generated from the HN discussion
Discussion Activity
Light discussionFirst comment
N/A
Peak period
1
Start
Avg / period
1
Key moments
- 01Story posted
Nov 7, 2025 at 5:09 PM EST
about 2 months ago
Step 01 - 02First comment
Nov 7, 2025 at 5:09 PM EST
0s after posting
Step 02 - 03Peak activity
1 comments in Start
Hottest window of the conversation
Step 03 - 04Latest activity
Nov 7, 2025 at 5:09 PM EST
about 2 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
ID: 45851742Type: storyLast synced: 11/17/2025, 7:57:13 AM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
This isn't an isolated incident. LANDFALL is part of a larger DNG exploitation wave. Within months, attackers weaponized image parsing vulnerabilities across Samsung (CVE-2025-21042, CVE-2025-21043) and Apple (CVE-2025-43300 chained with WhatsApp CVE-2025-55177 for delivery)
It seems like DNG image processing libraries became a new attack vector of choice – suspiciously consistent across campaigns. Samsung had two zero-days in the same library, while a parallel campaign hit iOS - all exploiting the same file format. Should we expect more?