“Landfall” Spyware Targets Samsung Users via Zero-Day Vulnerability


453/68 Monday, November 10, 2025

A new report from Palo Alto Networks’ Unit 42 reveals the discovery of a new spyware strain called “Landfall,” designed specifically to target Samsung Galaxy devices. The malware is capable of fully compromising infected devices for surveillance, including recording phone calls, tracking device location, silently taking photos, and stealing contacts and call logs. It exploits a zero-day vulnerability (CVE-2025-21042) in Samsung’s image processing library.

Researchers found that attackers deliver the malware through malicious DNG (Digital Negative) image files that contain embedded exploit code, often sent to victims over WhatsApp. When the victim opens the image, the malware leverages the vulnerability to gain persistence on the device. The campaign primarily targets users in the Middle East, including Iraq, Iran, Turkey, and Morocco, with a focus on Samsung Galaxy S22, S23, and S24 models. Samsung released a security patch to fix this vulnerability in April 2025.

What makes Landfall particularly concerning is its level of sophistication, which indicates that it is commercial-grade spyware of the kind typically developed for state-level actors or large organizations to conduct targeted surveillance, similar to the infamous Pegasus spyware. Landfall uses advanced evasion techniques that allowed it to remain undetected on devices from mid-2024 until April 2025. This incident highlights the importance of installing security updates promptly and keeping devices on the latest software versions.

Source: https://www.darkreading.com/mobile-security/landfall-malware-targeted-samsung-galaxy-users