A new cyber threat called Landfall spyware has been uncovered, raising alarms among global cybersecurity experts. According to researchers at Palo Alto Networks’ Unit 42, hackers exploited a zero-day Android vulnerability to infiltrate Samsung Galaxy smartphones, enabling long-term surveillance on targeted users across the Middle East.
The malicious campaign, which reportedly began in mid-2024, used a previously unknown flaw, now identified as CVE-2025-21042, in Samsung’s image processing library. This allowed attackers to infect devices through maliciously crafted DNG image files—meaning victims didn’t even need to click or open anything to be compromised.
How Landfall Spyware Works
The Landfall spyware functions similarly to Pegasus, the spyware from Israel’s NSO Group. It is a zero-click surveillance tool, capable of stealing photos, messages, contact lists, call logs, and real-time location data. It can also activate the microphone and camera without user consent, turning infected phones into live surveillance devices.
Investigators found traces of Landfall on Samsung Galaxy S22, S23, S24, and select Z-series models, running on Android 13 through 15. The spyware was active for months before discovery and was likely used in precision espionage operations targeting specific individuals rather than users at large.
Who Is Behind the Landfall Spyware?
While the exact perpetrators remain unidentified, researchers found digital evidence linking Landfall’s infrastructure to Stealth Falcon, a well-known spyware vendor previously associated with state-sponsored surveillance in the UAE. Samples uploaded to the malware database VirusTotal showed activity from Iran, Iraq, Turkey, and Morocco between 2024 and 2025.
Samsung and Apple Respond to the Threat
Samsung confirmed that it patched the exploited vulnerability in April 2025, months after the spyware campaign began. Meanwhile, Apple issued a similar fix in August after discovering a related iOS zero-day flaw, suggesting coordinated or parallel attacks across both mobile ecosystems.
Experts have urged Galaxy users to update their devices immediately and avoid downloading or viewing image files from unverified sources.
A Broader Cybersecurity Pattern Emerges
Security analysts believe the Landfall spyware incident highlights an emerging trend in which sophisticated attackers exploit image processing vulnerabilities in high-end smartphones to bypass traditional security systems.
As governments and corporations worldwide step up efforts to counter advanced spyware threats, the discovery of Landfall serves as a sobering reminder of how fast cyber espionage tactics are evolving.







