Cybersecurity experts from Palo Alto Networks’ Unit 42 have uncovered Landfall, sophisticated spyware targeting Samsung Galaxy smartphones that remained active for nearly a year, stealing users’ private data through a previously unknown system flaw.

The malware spread via a malicious DNG image sent through messaging apps like WhatsApp, exploiting a zero-day vulnerability (CVE-2025-21042) that allowed hackers to remotely execute code and access photos, messages, calls, contacts, locations, and microphones — all without user interaction.

Samsung identified the flaw in September 2024 and issued a patch in April 2025, but by then, the spyware campaign had already run undetected for months. The main targets were Galaxy S22, S23, S24, and Z models running Android 13–15, with victims mainly located in the Middle East.

Researchers say Landfall shares techniques with commercial spyware operations in the region, suggesting possible ties to private offensive actors. “This was a precision espionage attack aimed at specific individuals,” said Itay Cohen, senior researcher at Unit 42.

Security experts urge Galaxy users to update their phones immediately to install Samsung’s latest security patch and prevent infection.