A sophisticated spyware known as “LANDFALL” targeted Samsung Galaxy devices by exploiting a zero-day vulnerability in the company’s image parsing library. This malware was distributed through malicious DNG images sent via messaging apps, allowing attackers to steal sensitive user data without any user interaction and while remaining undetected. The vulnerability affected several high-profile Galaxy models in 2024 and was patched by Samsung in April 2025.
Despite Samsung Galaxy phones being renowned for their robust security, this incident highlights that even top-tier devices can fall prey to malware. The spyware was discovered by Palo Alto Networks’ Unit 42 division and was part of a broader pattern affecting multiple mobile platforms. Attackers used a malformed DNG file to deliver the spyware, which enabled them to extract data such as photos, contacts, call logs, microphone recordings, and location information. The spyware also had evasion tools, making it difficult to detect and remove.
LANDFALL was reportedly active in 2024 and early 2025, primarily in the Middle East, targeting specific Samsung models like the Galaxy S22, S23, S24 series, Galaxy Z Fold 4, and Galaxy Z Flip 4. Although the vulnerability has been patched and there is no ongoing risk for current Samsung users, it is advised to keep devices updated with the latest Android version and security patches to ensure protection.
