Spyware Targets Samsung Galaxy Devices, Says Unit 42
Hackers used previously unknown commercial spyware to surveil the activities of Samsung Galaxy device owners in the Middle East, say security researchers who posit the threat actor has connections to the United Arab Emirates.
Researchers from Palo Alto Networks Unit 42 on Friday disclosed spyware they dub “Landfall,” writing that the manufacturer patched the underlying flaw in April. Tracked as CVE-2025-21042, the flaw let hackers embed malware into a DNG image file, presumably sent to the victim via WhatsApp.
It appears that device infections did not require user interaction after hackers sent the corrupted image, constituting what’s known as a zero-click attack.
Unit 42 does not attribute the malware to any particular actor, but researchers did find similarities between Landfall’s command and control infrastructure and domain registration patterns and infrastructure associated with Stealth Falcon, a threat actor that is at least circumstantially linked to the UAE government.
Developers of the spyware may be Variston, a Barcelona-based vendor that reportedly shut down earlier this year. Unit 42 again wrote that it can’t be certain, but said analysis of spyware components suggests a link to Variston, which has supplied tooling to UAE clients.
Once a device has been infected, Landfall essentially turns it into a surveillance hub. The spyware is capable of microphone recording, location tracking and exfiltrating personal data in addition to stealing photos, contacts and call logs.
Unit 42 said it probed the flaw after Apple in August patched a similar flaw for iOS devices. That flaw, tracked as CVE-2025-43300, also involved mobile operating system processing of DNG images.
“We cannot confirm whether this chain was used to deliver an equivalent of Landfall to iOS, or whether it is the same threat actor behind the two. However, this parallel development in the iOS ecosystem, combined with the disclosure of the Samsung and Apple vulnerabilities just a few weeks apart, highlights a broader pattern of DNG image processing vulnerabilities being leveraged in sophisticated mobile spyware attacks,” researchers wrote.







