A look at an Android ITW DNG exploit

Between July 2024 and February 2025, malicious DNG files (a raw image format) were discovered that exploited a Samsung vulnerability through the Quram image parsing library. These files were sent via WhatsApp and triggered a spyware infection when users clicked to download the images, which then allowed the malware to run within Samsung's com.samsung.ipservice process, a system service that automatically scans images for AI-powered features.