Spyware has become increasingly sophisticated, managing to bypass the security measures implemented by device manufacturers like Samsung. A recent report reveals that spyware, delivered through WhatsApp, infected numerous Galaxy devices in the Middle East for over a year. The spyware, named LandFall, was transmitted via images sent on WhatsApp, exploiting a zero-day vulnerability in Samsung’s Android image processing library. This allowed attackers to execute arbitrary code on the devices. Samsung has since addressed and patched this vulnerability. The distribution method allowed attackers to access users’ devices without requiring downloads or clicks on malicious links. Once installed, the spyware granted nearly unlimited access to the device, including photos, messages, contacts, live microphone, and real-time location tracking. Infections have been traced back to July 2024 in countries such as Turkey, Morocco, Iran, and Iraq. The affected devices include the Galaxy S23, S23, S24 series, and some Galaxy Z foldable phones, while the current Galaxy S25 appears to be unaffected.
How were Samsung phones compromised by spyware for over a year?
