US EditionSamsung phones under threat from this dangerous new spyware cyberattack - here's how to stay safe
The zero-day flaw CVE-2025-21042 was exploited in targeted Middle East attacks since July 2024, affecting multiple Galaxy models before Samsung patched it in April 2025.
- CISA added CVE-2025-21042 to its Known Exploited Vulnerabilities catalog and ordered Federal Civilian Executive Branch agencies to secure Samsung devices within three weeks, until December 1.
- The flaw resides in CVE-2025-21042, a critical 9.8/10 out-of-bounds write in libimagecodec.quram.so exploited via malformed.DNG raw image files shared over WhatsApp, affecting Android versions 13 through 15.
- Unit 42's analysis shows Landfall spyware records audio, calls, location and accesses photos, contacts, SMS, call logs, files, targeting Iraq, Iran, Turkey and Morocco with C2 infrastructure resembling Stealth Falcon operations.
- Samsung issued a patch in April after reports from Meta and WhatsApp Security Teams, and CISA urged all organizations to prioritize patching or discontinue use if mitigations are unavailable.
- This episode fits a wider pattern, as Unit 42 said Landfall exploits DNG image-processing vulnerabilities in mobile spyware and Itay Cohen said it suggests government-backed espionage but lacks conclusive vendor links.
27 Articles
27 Articles
What is ‘Landfall’ spyware, and how was it used to target Samsung Galaxy phones?
Landfall spyware, Samsung Galaxy hack: Similar to other commercial-grade spyware, Landfall enables broad surveillance of victims by vacuuming up on-device data as well as tapping the device’s microphone and tracking precise location.
New spyware attacks Samsung Galaxy phones through WhatsApp images - The Canadian Media
#LANDFALL spyware#Samsung Galaxy security flaw#WhatsApp image malware IBNS-CMEDIA: A newly identified spyware targeting Samsung Galaxy smartphones has been discovered by Palo Alto Networks’ Unit 42 researchers. The malware, named LANDFALL, was found to be exploiting a zero-day vulnerability in Samsung’s Android image processing library. According to Unit 42, attackers used the flaw — tracked as
Landfall Spyware’s Silent Siege on Samsung Phones
Landfall Spyware’s Silent Siege on Samsung Phones In the shadowy world of cyber espionage, a new threat has emerged that underscores the vulnerabilities even in premium smartphones. Dubbed ‘Landfall,’ this sophisticated Android spyware exploited a zero-day flaw in Samsung Galaxy devices, allowing attackers to remotely execute malicious code without user interaction. According to research from Palo Alto Networks’ Unit 42, the campaign targeted hi…
Security researchers have discovered a spyware program that targeted Samsung Galaxy phones in a nearly year-long hacking campaign. The threat is particularly worrisome because the victim didn't have to take a single careless step. Once the image was downloaded to their phone, it could be used to view their activities, eavesdrop on their microphone, and track their exact location without their knowledge.
Coverage Details
Bias Distribution
- 67% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
