A new spyware family named “LANDFALL” has been discovered targeting Samsung Galaxy devices in the Middle East. This spyware exploits a zero-day vulnerability in Samsung’s image processing library, a part of a recurring series of vulnerabilities across various platforms. The vulnerability was actively used before Samsung released a patch in April 2025. LANDFALL was embedded in malicious DNG image files, likely sent via WhatsApp, employing a “zero-click” attack method similar to those used against Apple and WhatsApp platforms. The campaign began in mid-2024, months before Samsung issued a fix. In September 2025, Samsung addressed another similar vulnerability to enhance device protection. LANDFALL is designed for targeted attacks, with capabilities like audio recording, geographic tracking, and data access. It exploits the CVE-2025-21042 vulnerability and uses infrastructure similar to previous espionage operations in the region, hinting at possible involvement of private entities. Devices updated since April 2025 are no longer vulnerable.
Is New Spyware Exploiting Samsung Devices via Zero-Day Flaw?
