Security researchers at Palo Alto Networks’ Unit 42 have uncovered a sophisticated campaign in which a newly discovered Android spyware called Landfall secretly targeted Samsung Galaxy devices from July 2024 to April 2025, exploiting a zero-day vulnerability in the image-processing library found on Galaxy S22, S23, S24 and Z models running Android 13–15.
The attack vector involved sending a specially crafted image, likely via a messaging app such as WhatsApp, which triggered full device compromise without any user interaction. Once installed, Landfall could intercept calls, harvest photos and logs, track location, and run covert surveillance modules.
According to the report, the campaign appears to have targeted individuals in the Middle East and used infrastructure overlapping with the known surveillance vendor Stealth Falcon, though attribution remains unconfirmed.
Samsung patched the flaw (tracked as CVE-2025-21042) in April 2025, but the scale of the campaign and the number of victims remain unclear. Users of Galaxy devices are urged to install the latest security update immediately.



