Published 22 hours ago • loading... • Updated 6 hours ago

Commercial Spyware “Landfall” Ran Rampant on Samsung Phones for Almost a Year

On Friday, Palo Alto Networks Unit 42 revealed LandFall, a spyware targeting Samsung Galaxy devices in the Middle East that was active since at least July 2024 before being patched this year.
Researchers found the campaign abused CVE-2025-21042, a critical out-of-bounds write in libimagecodec.quram.so triggered by malicious DNG image files, enabling zero-click infection via WhatsApp since July 23, 2024.
Unit 42's analysis shows LandFall targets five Galaxy models including Galaxy S22, S23, S24, Z Fold 4 and Z Flip 4, embedding a loader and SELinux policy manipulator while using six command-and-control servers.
Unit 42 cautioned that although Landfall shares infrastructure similarities with Stealth Falcon, attribution remains unclear as `The technical overlaps are intriguing but not strong enough for responsible attribution`, Cohen said, and researchers urged users to install this year's patch due to removal difficulty.
Related patches and advisories show that Unit 42 noted LandFall's DNG-image technique echoes broader DNG image-parsing exploitation observed in recent commercial spyware operations, with similarities to activity in August and September, Cohen said.

Insights by Ground AI

13 Articles

The Register

Center

Landfall spyware used in 0-day attacks on Samsung phones

: 'Precision espionage campaign' began months before the flaw was fixed

11 hours ago

Read Full Article

Ars Technica

Reposted by

World NEWS Live

Center

Commercial spyware “Landfall” ran rampant on Samsung phones for almost a year

Targeted attack could steal all of a phone’s data and activate camera or mic.

14 hours ago·United States

Read Full Article

CyberScoop

Center

New Landfall spyware apparently targeting Samsung phones in Middle East

A new commercial-grade spyware has apparently been targeting Samsung Galaxy phones in the Middle East, but it’s not clear who’s behind it, researchers said in a blog post Friday. Whoever’s responsible, they seized upon a previously unknown, unpatched vulnerability known as a zero-day — a flaw Samsung has since closed, the researchers from Palo Alto Networks’ Unit 42 said. The company dubbed the spyware “Landfall.” The research indicates potentia…

17 hours ago

Read Full Article

BleepingComputer

Center

New LandFall spyware exploited Samsung zero-day via WhatsApp messages

A threat actor exploited a zero-day vulnerability in Samsung's Android image processing library to deploy a previously unknown spyware called 'LandFall' using malicious images sent over WhatsApp. [...]

20 hours ago

Read Full Article

TechCrunch

Center

'Landfall' spyware abused zero-day to hack Samsung Galaxy phones

A newly identified Android spyware targeted Galaxy devices for close to a year, including users in the Middle East, researchers exclusively tell TechCrunch.

22 hours ago·United States

Read Full Article

cybernoz.com

LANDFALL Spyware Exploited Samsung Zero-day CVE-2025-21042 In Middle East Attacks - Cybernoz - Cybersecurity News

LANDFALL spyware exploited Samsung zero-day CVE-2025-21042 in Middle East attacks Pierluigi Paganini November 07, 2025 A now-patched Samsung Galaxy flaw, tracked as CVE-2025-21042, was exploited as a zero-day to deploy LANDFALL spyware in targeted attacks in Middle East. Samsung patched a flaw exploited as a zero-day, tracked as CVE-2025-21042 (CVSS score of 8.8), to deploy LANDFALL spyware on Galaxy devices in Middle East attack…

10 hours ago

Read Full Article

Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/year