Cybersecurity experts have identified a new Android spyware campaign, named LANDFALL, targeting Samsung Galaxy devices through a critical vulnerability. This malware exploits a zero-day flaw in Samsung’s image processing library, delivering surveillance capabilities via specially crafted image files sent through WhatsApp. The vulnerability, CVE-2025-21042, was unpatched until April 2025, allowing the spyware to embed itself in DNG image files delivered to targets. This method is similar to attacks on Apple iOS devices, indicating a trend of exploiting DNG vulnerabilities across platforms. LANDFALL is designed to infiltrate Samsung devices like the S22, S23, and S24 series, as well as Z Fold4 and Z Flip4 models. The malware’s components communicate with a command and control server, enabling extensive surveillance functions such as recording, tracking, and data extraction. The campaign has been linked to targeted attacks in the Middle East, with potential connections to known spyware groups. Samsung addressed this vulnerability in April 2025, and additional related vulnerabilities were patched in September 2025, protecting users from similar threats.
How Does the New “LANDFALL” Malware Exploit Samsung Vulnerabilities Through WhatsApp Images?
