Everything you need to know about Landfall – the powerful spyware campaign – that attacked Samsung Galaxy phones…


Cybersecurity researchers have brought to light a powerful spyware campaign called Landfall that has been exploiting a vulnerability in Samsung Galaxy phones. According to Unit 42, the intelligence team of Palo Alto Networks, the spyware was silently active for several months, giving attackers access to Samsung phones without requiring any clicks from the user.

What is Landfall Spyware?

Landfall is commercial-grade Android spyware that can be deployed for broad surveillance of infected devices. It has access to photos, videos, contacts and call logs, and can even record audio by turning on the microphone.

According to researchers at Unit 42, the spyware has been active since July 2024. What makes it especially dangerous is the fact that it is a zero-click exploit – which means it can tap into a device without requiring a click or action from the user.

How the Attack Worked

The exploit took advantage of a bug in Samsung’s image processing library, tracked as CVE-2025-21042. The spyware was delivered in a malicious DNG image file (DNG is a raw image format) that contained a hidden ZIP file.

The corrupted file was sent to victims via WhatsApp because of how the app processes media. When the phone processed the DNG file, the exploit was triggered automatically without needing a click from the user and installed Landfall’s payload.

Who was Targeted and Why

According to Unit 42, several Galaxy devices including the S22, S23 and S24 as well as Z Fold and Flip variants were attacked. Devices that were running Android 13 to Android 15 were vulnerable.

The spyware focused on Middle East targets, based in Iran, Iraq, Turkey and Morocco. It was not mass targeted; it zeroed in on specific individuals.

Exactly who made the spyware is still unclear, though there are reports that claim it could be the work of a known spyware operator called Stealth Falcon.

Timelines & Response

According to Unit 42, Landfall was first detected in July 2024, but Samsung only addressed the vulnerability in a patch released in April 2025. The spyware was active for several months without being detected or addressed, which means several users had fallen prey to it for months.

Unit 42 also claimed that this was not an isolated incident and that such vulnerabilities in image parsing libraries have occurred in the recent past.

How to Protect Yourself from Such Spyware

Though there is no 100% safety technique in place, here are a few ways to protect yourself from such spyware:

  • Keep your devices updated with the latest software upgrades.
  • Avoid opening unexpected image files or attachments even on trusted apps, especially if they are sent from messaging platforms.
  • Enable antivirus apps like Google Play Protect to always scan for malicious software.
  • Watch out for signs like rapid battery drain, unfamiliar apps or unusual data usage.
  • Avoid sharing critical information over potentially vulnerable apps. Use encrypted tools or minimise sharing.

The Last Word

The Landfall incident is a reminder that even high-tech devices are vulnerable to spyware. The fact that the attackers were able to get access with zero clicks and continue the attack for months without detection, while having access to a wide range of files, is alarming.

While Samsung has patched the vulnerability, this is a reminder to always keep your software up to date. Many more such cyberattacks are bound to happen in the future and we will be sure to tell you all about them.

Adarsh hates personal bios, Chelsea football club and Oxford commas. When he's not writing, he's busy playing FIFA on his PlayStation.

© Copyright Sify Technologies Ltd, 1998-2022. All rights reserved