US EditionSamsung phones under threat from this dangerous new spyware cyberattack - here's how to stay safe
The zero-day flaw CVE-2025-21042 was exploited in targeted Middle East attacks since July 2024, affecting multiple Galaxy models before Samsung patched it in April 2025.
- CISA added CVE-2025-21042 to its Known Exploited Vulnerabilities catalog and ordered Federal Civilian Executive Branch agencies to secure Samsung devices within three weeks, until December 1.
- The flaw resides in CVE-2025-21042, a critical 9.8/10 out-of-bounds write in libimagecodec.quram.so exploited via malformed.DNG raw image files shared over WhatsApp, affecting Android versions 13 through 15.
- Unit 42's analysis shows Landfall spyware records audio, calls, location and accesses photos, contacts, SMS, call logs, files, targeting Iraq, Iran, Turkey and Morocco with C2 infrastructure resembling Stealth Falcon operations.
- Samsung issued a patch in April after reports from Meta and WhatsApp Security Teams, and CISA urged all organizations to prioritize patching or discontinue use if mitigations are unavailable.
- This episode fits a wider pattern, as Unit 42 said Landfall exploits DNG image-processing vulnerabilities in mobile spyware and Itay Cohen said it suggests government-backed espionage but lacks conclusive vendor links.
29 Articles
29 Articles
What is ‘Landfall’ spyware, and how was it used to target Samsung Galaxy phones?
Landfall spyware, Samsung Galaxy hack: Similar to other commercial-grade spyware, Landfall enables broad surveillance of victims by vacuuming up on-device data as well as tapping the device’s microphone and tracking precise location.
Samsung phones under threat from dangerous new spyware
Palo Alto is advising Samsung users to keep their devices updated and to be cautious of any messages, especially with attachments Researchers have warned that threat actors could exploit a flaw in multiple Samsung Galaxy device series to run malicious code remotely.
Inside Landfall: The Spyware that Hijacked Galaxy Phones without a Click
Everything you need to know about Landfall – the powerful spyware campaign – that attacked Samsung Galaxy phones… Cybersecurity researchers have brought to light a powerful spyware campaign called Landfall, that has been exploiting a vulnerability in Samsung Galaxy phones. As per Unit 42, the intelligence team of Palo Alto Networks, this spyware was silently [...] The post Inside Landfall: The Spyware that Hijacked Galaxy Phones without a Click …
New spyware attacks Samsung Galaxy phones through WhatsApp images - The Canadian Media
#LANDFALL spyware#Samsung Galaxy security flaw#WhatsApp image malware IBNS-CMEDIA: A newly identified spyware targeting Samsung Galaxy smartphones has been discovered by Palo Alto Networks’ Unit 42 researchers. The malware, named LANDFALL, was found to be exploiting a zero-day vulnerability in Samsung’s Android image processing library. According to Unit 42, attackers used the flaw — tracked as
Coverage Details
Bias Distribution
- 67% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
