{"id":23487,"date":"2026-01-13T08:00:31","date_gmt":"2026-01-13T01:00:31","guid":{"rendered":"https:\/\/fpt-is.com\/en\/?post_type=goc_nhin_so&#038;p=23487"},"modified":"2026-01-20T10:13:38","modified_gmt":"2026-01-20T03:13:38","slug":"a-photo-the-whole-device-eavesdropped-how-2","status":"publish","type":"goc_nhin_so","link":"https:\/\/fpt-is.com\/en\/insights\/a-photo-the-whole-device-eavesdropped-how-2\/","title":{"rendered":"A photo, the whole device &#8216;eavesdropped&#8217; &#8211; How was Samsung attacked?"},"content":{"rendered":"<p class=\"text-2xl leading-snug text-slate-700 dark:text-slate-400 md:text-3xl xl:text-3xl\"><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">Recently, the security research firm Unit 42 (part of Palo Alto Networks) released details about a spying campaign targeting Samsung Galaxy devices.<\/span><\/p>\n<div id=\"post-content-wrapper\" class=\"prose prose-base mx-auto mb-10 min-h-30 break-words dark:prose-dark lg:prose-lg\">\n<h2 id=\"heading-overview\" class=\"permalink-heading\"><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>Overview<\/strong><\/span><\/h2>\n<p><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">A recently recorded attack needed only a seemingly harmless photo sent via WhatsApp to affect an entire\u00a0<strong>Samsung Galaxy<\/strong>\u00a0phone and, worse, to let an attacker take complete control of it.
There is no need to click a link or install an unfamiliar app: a single image file is enough to open the door for attackers to infiltrate, eavesdrop, and steal all personal data.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">This sophisticated espionage campaign was unveiled by researchers from Unit 42 (Palo Alto Networks) under the name\u00a0<strong>\u201cLANDFALL spyware\u201d<\/strong>; it exploits the zero-day vulnerability\u00a0<strong>CVE-2025-21042<\/strong>\u00a0in Samsung Galaxy devices. The frightening part is that the attack is delivered through normal-looking images, something most of us open every day. So, let&#8217;s explore just how sophisticated and terrifying this campaign is.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><a href=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/12\/anh1-1766998612.jpg\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-23493\" src=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/12\/anh1-1766998612.jpg\" alt=\"\u1ea3nh1 1766998612\" width=\"1280\" height=\"811\" srcset=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/12\/anh1-1766998612.jpg 1280w, https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/12\/anh1-1766998612-700x444.jpg 700w\" sizes=\"(max-width: 1280px) 100vw, 1280px\" \/><\/a><\/span><\/p>\n<h2 id=\"heading-vulnerability-description\" class=\"permalink-heading\"><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>Vulnerability Description<\/strong><\/span><\/h2>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>Vulnerability Code:<\/strong>\u00a0CVE-2025-21042.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>CVSS Score:<\/strong>\u00a08.8\/10, indicating a high severity level.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 
12pt\"><strong>Attack Mechanism:<\/strong>\u00a0An\u00a0<strong>out-of-bounds write error (CWE-787)<\/strong>\u00a0in Samsung&#8217;s image processing library (<code>libimagecodec.quram.so<\/code>).<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>Consequences:<\/strong>\u00a0Potential for remote exploitation and risk of RCE.<\/span><\/li>\n<\/ul>\n<h2 id=\"heading-scope-of-impact\" class=\"permalink-heading\"><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>Scope of Impact<\/strong><\/span><\/h2>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">All Samsung Galaxy devices using the\u00a0<code>libimagecodec.quram.so<\/code>\u00a0library\u00a0<strong>before the SMR Apr-2025 Release 1<\/strong><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">Flagship devices like Galaxy S22, S23, S24, Z Fold4, Z Flip4<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">Operating system range: Android 13<\/span><\/li>\n<\/ul>\n<h2 id=\"heading-campaign-details\" class=\"permalink-heading\"><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>Campaign Details<\/strong><\/span><\/h2>\n<p><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">As mentioned earlier, this vulnerability exists due to an\u00a0<strong>out-of-bounds write error<\/strong>.
Simply put, an attacker can write to memory outside the intended buffer, overwriting data, corrupting memory structures, and potentially redirecting control flow.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">First, the attacker creates a\u00a0<strong>DNG\/JPEG<\/strong>\u00a0image file with a filename such as\u00a0<strong>\u201cIMG-20240723-WA0000.jpg\u201d or \u201cWhatsApp Image 2025-02-10 at 4.54.17 PM.jpeg\u201d.<\/strong>\u00a0The worrying part is that this file contains not just regular image data but also a ZIP archive\u00a0<em>appended to the end of the image file<\/em>\u00a0that carries a malicious shared library (.so).<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\" data-rmiz=\"\"><a href=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/12\/anh-2-1766998614.jpg\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-23495\" src=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/12\/anh-2-1766998614.jpg\" alt=\"\u1ea3nh 2 1766998614\" width=\"1280\" height=\"672\" srcset=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/12\/anh-2-1766998614.jpg 1280w, https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/12\/anh-2-1766998614-700x368.jpg 700w\" sizes=\"(max-width: 1280px) 100vw, 1280px\" \/><\/a><\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\" data-rmiz=\"\"><a href=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/12\/anh3-1766998611.jpg\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-23492\" src=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/12\/anh3-1766998611.jpg\" alt=\"\u1ea3nh3 1766998611\" width=\"1280\" height=\"895\" srcset=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/12\/anh3-1766998611.jpg 1280w, https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/12\/anh3-1766998611-700x489.jpg 700w\" sizes=\"(max-width: 1280px) 100vw, 1280px\" 
\/><\/a><br \/>\n<button type=\"button\" aria-label=\"Expand image: Screenshot of a hexadecimal viewer displaying the contents of a WhatsApp image file named &quot;WhatsApp Image 2025-02-10 at 4.54.17 PM.jpeg,&quot; indicating a start of an embedded ZIP archive within the file data.\" data-rmiz-btn-zoom=\"\"><\/button><\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">Then the attacker will distribute these image files via WhatsApp, taking advantage of the app&#8217;s automatic media processing.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\" data-rmiz=\"\"><a href=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/12\/anh-4-1766998613.jpg\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-23494\" src=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/12\/anh-4-1766998613.jpg\" alt=\"\u1ea3nh 4 1766998613\" width=\"1280\" height=\"1380\" srcset=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/12\/anh-4-1766998613.jpg 1280w, https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/12\/anh-4-1766998613-700x755.jpg 700w\" sizes=\"(max-width: 1280px) 100vw, 1280px\" \/><\/a><br \/>\n<button type=\"button\" aria-label=\"Expand image: WhatsApp Adds Media Previews in Notifications - MacStories\" data-rmiz-btn-zoom=\"\"><\/button><\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">When WhatsApp receives the image file and calls the native API to display, preview, and create thumbnails,\u00a0<code>libimagecodec.quram.so<\/code>\u00a0performs the following main steps:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">Receive and check the container\/format<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">Parse the header and metadata<\/span><\/li>\n<li><span 
style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">Process data segments\/strips\/tiles<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">Decompress\/decode pixel data<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">Create thumbnails\/previews and apply color processing<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">Handle attached\/non-image data (if any)<\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">This last step is the weakest point:\u00a0<strong>Handling attached\/non-image data.<\/strong>\u00a0Some files carry\u00a0<em>appended<\/em>\u00a0non-image data (for example, a ZIP archive added to the end of a DNG\/JPEG). If the decoder tries to parse or decompress these blocks without checking their actual size, the result can be an out-of-bounds memory access.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\" data-rmiz=\"\"><a href=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/12\/anh-5-1766998609.png\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-23491\" src=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/12\/anh-5-1766998609.png\" alt=\"\u1ea3nh 5 1766998609\" width=\"900\" height=\"691\" srcset=\"https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/12\/anh-5-1766998609.png 900w, https:\/\/cdn.fpt-is.com\/en\/sites\/3\/2025\/12\/anh-5-1766998609-700x537.png 700w\" sizes=\"(max-width: 900px) 100vw, 900px\" \/><\/a><br \/>\n<button type=\"button\" aria-label=\"Expand image: EXIF Steganography and image injection with go | by Totally_Not_A_Haxxer | Medium\" data-rmiz-btn-zoom=\"\"><\/button><\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">From here, the attacker can easily achieve remote code execution (RCE), which activates malicious components to maintain and escalate 
privileges.\u00a0<strong>LANDFALL<\/strong>\u00a0then becomes very powerful:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">Record from the microphone and record calls.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">Track precise GPS location.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">Access photos, contacts, call history, SMS\/MMS messages, files, and application databases.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">Check device status (IMEI, IMSI, SIM, Bluetooth information, installed applications).<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">Escalate privileges, maintain stealth, and remove traces by manipulating SELinux.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">According to experts, the consequences of a successful breach in this campaign are significant:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">Users lose all privacy: devices are &#8220;eavesdropped&#8221; and &#8220;monitored,&#8221; and personal data is almost completely extracted.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">For businesses or individuals in government, being monitored can lead to the leakage of important information, greatly impacting national or organizational security.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">Since this vulnerability was not previously disclosed and has been exploited since 2024, the likelihood of being compromised without knowing it is very high.<\/span><\/li>\n<\/ul>\n<h2 id=\"heading-conclusion\" class=\"permalink-heading\"><span style=\"font-family: arial, helvetica, sans-serif;font-size: 
12pt\"><strong>Conclusion<\/strong><\/span><\/h2>\n<p><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">The LANDFALL campaign clearly shows that\u00a0<strong>a seemingly minor vulnerability in an image processing library<\/strong>\u00a0can become a sophisticated espionage weapon. With just a specially crafted image sent through a messaging app, an attacker can execute remote code, access sensitive data, and maintain control over the device without the victim even knowing.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">CVE\u20112025\u201121042 not only affects\u00a0<strong>individual users<\/strong>\u00a0but is also a serious threat to\u00a0<strong>businesses, organizations, and government agencies<\/strong>, especially those with unpatched Samsung Galaxy devices. The wide range of impact, from Galaxy S22\/S23\/S24 flagships to the Z Fold\/Flip series, and across Android versions 13\u201315, highlights the importance of\u00a0<strong>timely patch management<\/strong>.<\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">This campaign also underscores a concerning reality: in the digital age,\u00a0<strong>even seemingly harmless media files can become sophisticated intrusion tools<\/strong>. 
Therefore, besides updating firmware, measures like disabling auto-download of media, restricting app permissions, deploying EDR\/MDM, and monitoring for IoCs are crucial to protect users and organizations.<\/span><\/p>\n<h2 id=\"heading-recommendations\" class=\"permalink-heading\"><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>Recommendations<\/strong><\/span><\/h2>\n<ol>\n<li>\n<h3><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>UPDATE IMMEDIATELY \u2014 Samsung operating system and firmware<\/strong><\/span><\/h3>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>Update Samsung&#8217;s SMR\/security patch<\/strong>\u00a0to the latest version (the CVE-2025-21042 patch was released in SMR Apr-2025). This is the\u00a0<strong>most effective measure<\/strong>\u00a0to close the code execution vulnerability triggered by image files.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><a href=\"https:\/\/security.samsungmobile.com\/securityUpdate.smsb?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener nofollow\">Security Updates Firmware Updates | Samsung Mobile Security<\/a><\/span><\/li>\n<\/ul>\n<\/li>\n<li>\n<h3><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>Disable auto-download and media display in WhatsApp<\/strong><\/span><\/h3>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">Turn off\u00a0<strong>automatic download of photos\/videos<\/strong>\u00a0in WhatsApp (Storage &amp; Data \u2192 Media auto-download) and disable\u00a0<strong>Media visibility<\/strong>\u00a0to prevent the app from automatically processing or displaying files upon receipt.<\/span><\/li>\n<\/ul>\n<\/li>\n<li>\n<h3><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>Control permissions<\/strong><\/span><\/h3>\n<ul>\n<li><span style=\"font-family: 
arial, helvetica, sans-serif;font-size: 12pt\">Review and restrict app permissions:\u00a0<strong>microphone, camera, location, SMS, storage<\/strong>. Only grant &#8220;While using the app&#8221; permission or disable entirely if unnecessary.<\/span><\/li>\n<\/ul>\n<\/li>\n<li>\n<h3><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>Install and run security software<\/strong><\/span><\/h3>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">Use a reliable mobile security application (Google Play Protect + Mobile AV\/EDR) and perform a full scan if suspicious.<\/span><\/li>\n<\/ul>\n<\/li>\n<li>\n<h3><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>Raise awareness and training<\/strong><\/span><\/h3>\n<ul>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">Train employees to be cautious with\u00a0<strong>media files received from untrusted sources<\/strong>, even if they appear to be normal images.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">Guide: do not enable auto-download of media; if a file is suspicious, request it be resent as a secure link or verify the source.<\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\">Establish device usage policies for employees with access to sensitive data: require MDM, limit BYOD, and conduct regular checks.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h2 id=\"heading-ioc\" class=\"permalink-heading\"><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>IOC<\/strong><\/span><\/h2>\n<ol>\n<li>\n<h3><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>Hash file<\/strong><\/span><\/h3>\n<\/li>\n<li>\n<h3><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>C2 (Command &amp; Control)<\/strong><\/span><\/h3>\n<\/li>\n<\/ol>\n<h2 id=\"heading-reference\" class=\"permalink-heading\"><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><strong>Reference<\/strong><\/span><\/h2>\n<ol>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><a href=\"https:\/\/unit42.paloaltonetworks.com\/landfall-is-new-commercial-grade-android-spyware\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener nofollow\">H<\/a><a href=\"https:\/\/security.samsungmobile.com\/securityUpdate.smsb?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener nofollow\">ackers Hijack Samsung Galaxy Phones via<\/a>\u00a0<a href=\"https:\/\/cybersecuritynews.com\/samsung-0-day-exploited-via-whatsapp\/\" target=\"_blank\" rel=\"noopener nofollow\">0-Day Exploit Using a Single WhatsApp Image<\/a><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><a href=\"https:\/\/unit42.paloaltonetworks.com\/landfall-is-new-commercial-grade-android-spyware\/\" target=\"_blank\" rel=\"noopener nofollow\">LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices<\/a><\/span><\/li>\n<li><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-21042\" target=\"_blank\" rel=\"noopener nofollow\">NVD &#8211; CVE-2025-21042<\/a><\/span><\/li>\n<\/ol>\n<\/div>\n<div class=\"-mt-5 mb-10\">\n<table style=\"width: 943px;height: 93px\">\n<tbody>\n<tr>\n<td><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><b>Exclusive article by FPT IS Technology Experts<\/b><\/span><\/p>\n<p><span style=\"font-family: arial, helvetica, sans-serif;font-size: 12pt\"><i><span style=\"font-weight: 400\">Luu Tuan Anh \u2013 FPT IS Cyber Security 
Center<\/span><\/i><\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n","protected":false},"author":21,"featured_media":23497,"parent":0,"template":"","nang_luc":[790,821],"danh_muc_goc_nhin_so":[],"dich_vu":[712],"linh_vuc":[],"platform":[],"san_pham":[],"the_goc_nhin_so":[],"class_list":["post-23487","goc_nhin_so","type-goc_nhin_so","status-publish","has-post-thumbnail","hentry","nang_luc-experts-sharing","nang_luc-security","dich_vu-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/goc_nhin_so\/23487","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/goc_nhin_so"}],"about":[{"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/types\/goc_nhin_so"}],"author":[{"embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/users\/21"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/media\/23497"}],"wp:attachment":[{"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/media?parent=23487"}],"wp:term":[{"taxonomy":"nang_luc","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/nang_luc?post=23487"},{"taxonomy":"danh_muc_goc_nhin_so","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/danh_muc_goc_nhin_so?post=23487"},{"taxonomy":"dich_vu","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/dich_vu?post=23487"},{"taxonomy":"linh_vuc","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/linh_vuc?post=23487"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/platform?post=23487"},{"taxonomy":"san_pham","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/san_pham?post=23487"},{"taxonomy":"the_goc_nhin_so","embeddable":true,"href":"https:\/\/fpt-is.com\/en\/wp-json\/wp\/v2\/the_goc_nhin_so?post=23487"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}