Caught You: Samsung Phones Targeted For Spyware Attack Using WhatsApp Images

Caught You: Samsung Phones Targeted For Spyware Attack Using WhatsApp Images

Samsung users have been the target of a dangerous spyware campaign that can be activated just by clicking on an image in WhatsApp. The new report comes via a cybersecurity firm who claims the victims in the Middle East were the main target with this campaign and the worrying part is that nobody knew about the attacks for months.

The details from Unit 42, part of Palo Alto Networks, has mentioned the spyware called Landfall which has been moving across devices hiding in plain sight within regular images that are being sent through WhatsApp region.

The WhatsApp Zero-Day Bug Issue

Using images to plant spyware can be easy and harmless because you don't have to click any suspicious links, or having to install an app that can bypass the security on the device. These hackers found a zero-day bug that made it easy for them to exploit the issue and just as you open an image the spyware sneaks into the system and does its work covertly.

The firm has codenamed the vulnerability as CVE-2025-20142 which seems to have affected the image gallery on Samsung devices. It says the hackers used Digital Negative (DNG) image files that were being tagged as regular JPEGs and they were transmitted through WhatsApp which raises no alarm.

Samsung Phones Targeted: Who Is At Risk?

The report says some of the latest Samsung devices, including the foldables have been the target for the spyware campaign that can be used to gather details such as calls, get access to photos and messages on the device, and even use the microphone covertly to listen to the conversations.

This is very similar to the Pegasus spyware that was also infiltrating WhatsApp on iPhones over the last few years. However, the Landfall spyware has mostly spread across countries like Turkey, Iran, Morocco and Iraq among others. These Samsung devices could have been attacked:

Swipe Left For Next Video

The company first detected the threat in mid-2024 and only informed Samsung around September last year. While the brand was only able to issue a patch for the risk in April this year. This big gap between reporting and fixing is not ideal, especially when you have millions of premium devices susceptible to covert hacking threats.

Source: News18
Related Posts: US court bans NSO Group from using spyware to target WhatsApp users Indian Govt Notifies iPhone Users About Spyware Attacks Filmo Mein Dekha Tha Ek Tha Tiger becomes only Indian film to be featured at International Spy Museum Interview | Srishti Lakhera opens up on how Ek Tha Gaon took shape Gambling ads target Indonesian Meta users despite ban Target app still down for many users as complaints mount in the US Samsung rolls out One UI 8 stable update to Galaxy S24 users Samsung Galaxy Watch 8 Users Get This Critical Health Feature Why some Samsung Galaxy S25 Ultra users are switching back to Galaxy S24 Ultra