
Uhale Android picture frames boot-time malware delivery linked to Vo1d and Mezmess

Malware Activity
1 unique source, 1 article

Summary


Uhale Android-based digital picture frames download and execute a malware payload at boot, creating a persistent infection risk across devices sold under numerous brands. Quokka linked the payloads to Vo1d and Mezmess and found that the update chain centers on Uhale app version 4.2.0. Because the JAR/DEX payload is fetched and executed again on every boot rather than installed once, the malicious code returns after each restart, and deleting a downloaded copy does not stop the next boot from fetching another.

Related Happenings

NoVoice Android malware hidden in Google Play apps

Malware Activity
First: 01.04.2026 21:07 Last: 01.04.2026 21:07 Sources 1

About this happening: **NoVoice** Android malware was found hidden in **more than 50 Google Play apps**, exposing **at least 2.3 million downloads** to compromise. After installation, it used **old And...

Samsung image processing library zero-day RCE (CVE-2025-21042)

Vulnerability
First: 07.11.2025 17:29 Last: 07.11.2025 17:29 Sources 1

About this happening: **CVE-2025-21042** is a **Samsung image processing library** flaw that was **exploited as a zero-day** to deliver **LANDFALL** spyware and achieve **remote code execution** on aff...

Latest development: 07.11.2025 20:00

Malicious DNG image artifacts associated with LANDFALL are dated to July 23, 2024, establishing an early sample date for the spyware payloads and exploit material tied to Samsung Galaxy Android devices.

Timeline

  1. 13.11.2025 15:00 · 2 articles

    Uhale boot-time malware delivery and critical flaws disclosed

    Initial Disclosure

    Uhale Android-based digital picture frames built on the ZEASN (now Whale TV) platform can, on boot, check for Uhale app version 4.2.0, install it, reboot, and then on every subsequent boot download and execute a JAR/DEX malware payload from China-based servers. The tested devices were rooted by default, had SELinux disabled, and had many components signed with AOSP test-keys; because the AOSP test-keys are published with the AOSP source, a signature check against them does not stop anyone from signing replacement components. The payloads were linked to Vo1d and Mezmess. In total 17 issues were identified, including CVE-2025-58392 / CVE-2025-58397, CVE-2025-58388, CVE-2025-58394, CVE-2025-58396, and CVE-2025-58390.

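The summary and the disclosure entry above describe a device posture (shell running as root, SELinux not enforcing, components signed with AOSP test-keys) plus the app version the update chain pivots on. The script below is an added triage example, not Quokka's tooling and not code from the page: it parses the text that `adb shell id`, `adb shell getenforce`, `adb shell getprop` and `adb shell dumpsys package <pkg>` print, captured once from a frame, and reports which of those indicators are present. The sample captures are constructed, and the package name `com.example.uhale` is a placeholder assumption, not the real Uhale app identifier.

```python
"""Posture triage for an Android picture frame from adb shell output.

Added example (not Quokka's tooling). Flags the indicators reported in
the Uhale disclosure: shell is root, SELinux not enforcing, build signed
with AOSP test-keys, debug-style build properties, and the Uhale app at
version 4.2.0. All inputs are plain text captured earlier over adb, so
the script runs offline.
"""
import re

# Constructed sample captures (not real device output), in the shape
# the respective `adb shell ...` commands print.
SAMPLE_ID = "uid=0(root) gid=0(root) groups=0(root) context=u:r:su:s0"
SAMPLE_GETENFORCE = "Permissive"
SAMPLE_GETPROP = """\
[ro.build.tags]: [test-keys]
[ro.build.type]: [userdebug]
[ro.debuggable]: [1]
[ro.secure]: [0]
[ro.build.fingerprint]: [generic/frame/frame:9/PPR1.180610.011/123:userdebug/test-keys]
"""
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.uhale] (1a2b3c):
    userId=10045
    versionCode=420 minSdk=21 targetSdk=28
    versionName=4.2.0
"""

UHALE_PACKAGE = "com.example.uhale"  # assumption: placeholder package name
FLAGGED_VERSION = "4.2.0"            # version the disclosure ties the chain to


def parse_getprop(text):
    """Turn `[key]: [value]` lines from `getprop` into a dict."""
    props = {}
    for m in re.finditer(r"^\[([^\]]+)\]: \[([^\]]*)\]$", text, re.M):
        props[m.group(1)] = m.group(2)
    return props


def package_version(dumpsys_text, package):
    """Return versionName of `package` from `dumpsys package` output, or None."""
    in_pkg = False
    for line in dumpsys_text.splitlines():
        header = re.match(r"\s*Package \[([^\]]+)\]", line)
        if header:
            in_pkg = header.group(1) == package
            continue
        if in_pkg:
            m = re.match(r"\s*versionName=(\S+)", line)
            if m:
                return m.group(1)
    return None


def assess(id_out, getenforce_out, getprop_out, dumpsys_out, package=UHALE_PACKAGE):
    """Return a sorted list of indicator names present in the captures."""
    findings = []
    props = parse_getprop(getprop_out)
    # `adb shell id` reporting uid 0 means the default shell is already root.
    if re.match(r"uid=0\(", id_out.strip()):
        findings.append("shell_is_root")
    # Anything other than Enforcing (Permissive, Disabled) leaves apps unconfined.
    if getenforce_out.strip().lower() != "enforcing":
        findings.append("selinux_not_enforcing")
    # test-keys are the public AOSP signing keys; anyone can sign with them.
    tags = props.get("ro.build.tags", "")
    fingerprint = props.get("ro.build.fingerprint", "")
    if "test-keys" in tags or fingerprint.endswith("/test-keys"):
        findings.append("aosp_test_keys")
    # ro.secure=0 / ro.debuggable=1 are debug-build properties (root adbd, etc.).
    if props.get("ro.secure") == "0" or props.get("ro.debuggable") == "1":
        findings.append("debug_build_props")
    if package_version(dumpsys_out, package) == FLAGGED_VERSION:
        findings.append("uhale_app_4.2.0")
    return sorted(findings)


if __name__ == "__main__":
    for finding in assess(SAMPLE_ID, SAMPLE_GETENFORCE, SAMPLE_GETPROP, SAMPLE_DUMPSYS):
        print("FINDING:", finding)
```

On a real frame, replace the constructed samples with the output of the four adb commands; a device showing none of the findings is not thereby clean, since the boot-time download itself has to be checked separately (for example by watching network traffic across a reboot), but any of the first four findings means downloaded code runs unsandboxed on that unit.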