Spyware continues to become more sophisticated and evade the security guardrails put in place by device manufacturers like Samsung. A new report indicates how a spyware delivered via WhatsApp infected an unknown number of Galaxy devices in the Middle East for over a year. Images sent via WhatsApp were the delivery method for this spyware called LandFall. It exploited a zero-day vulnerability in Samsung's Android image processing library to enable attackers to run arbitrary code on the device.Samsung has since patched this exploitDistribution through images on WhatsApp meant that attackers could gain access to users' devices without requiring them to download anything or click on a malicious link. Once installed, the spyware provided virtually unrestricted access to the device, including photos, messages, contacts, live microphone, and real-time location.This breach was discovered by Palo Alto Networks’ Unit 42 which believes it's likely a commercial surveillance spyware used for targeted attacks against individuals. Evidence of infections has been found dating as far back as July 2024 in Turkey, Morocco, Iran, and Iraq. Affected devices included the Galaxy S23, S23, and S24 series in addition to some Galaxy Z foldable phones. The current flagship Galaxy S25 seems to not be vulnerable.The good news is that this zero-day exploit, identified as CVE-2025-21042, was patched by Samsung in the April 2025 security update. It highlights the importance of using devices that at least have support for security updates even if OS upgrade support has ended. The post Samsung phones were compromised by this spyware for over a year appeared first on SamMobile.