Researchers at Palo Alto Networks’ Unit 42 have discovered a new Android spyware family, Landfall, which they describe as ‘commercial-grade espionage software’.
Landfall exploited a previously unknown (zero-day) vulnerability in Samsung’s Android image-processing library to secretly spy on Galaxy smartphones. The malware reportedly operated undetected for almost nine months before Samsung issued patches in April 2025.
The spyware attack was directed solely at Samsung Galaxy S22, S23, S24, Z Fold4, and Z Flip4 devices. The perpetrators circulated specially crafted image files, disguised as harmless DNG photos, through WhatsApp and other messaging platforms. When the phone processed these files, they automatically triggered a zero-click exploit: the user didn’t have to open or otherwise interact with the images for the attack to succeed.
Exploiting the flaw, tracked as CVE-2025-21042, gave the malware deep access to the phone system, letting it record audio, steal messages, capture screenshots, and monitor locations, none of which would have alerted the victim.
Security researchers said the cyberattack was highly targeted, with the majority of attacks hitting countries in the Middle East and North Africa. The sophistication and narrow distribution of the attack suggest that it may have been deployed by private-sector surveillance firms or by state-linked actors for espionage purposes.
Samsung acknowledged the vulnerability and released a patch for the flaw in an April 2025 firmware update. It is highly recommended that users install the latest security patch without delay to avoid becoming victims of the exploit.
The Landfall spyware attack is a prime example of how even the most ordinary files, such as images, can be used as attack vectors through zero-day exploits. It also highlights the growing threat of espionage using specialized malware designed for high-profile and secure networks.