New Delhi, November 10: Samsung Galaxy devices were reportedly hit by a spyware campaign that exploited a zero-day vulnerability in the company’s Android image processing library. The Android spyware, called “LANDFALL,” was used to spy on Samsung Galaxy users. As per reports, hackers used it to access photos, contacts, and call logs without detection. Researchers found that this commercial-grade spyware was embedded in malicious image files, possibly sent through WhatsApp, which allowed attackers to infiltrate devices without any user interaction.

As per a report by Unit 42, the LANDFALL spyware exploited a zero-day flaw identified as CVE-2025-21042 in Samsung’s Android image processing library. The spyware was hidden inside malicious files in the Digital Negative (DNG) format. DNG is a raw image format built on the TIFF image format. The campaign had been active since mid-2024; Samsung patched the flaw in April 2025, and another related flaw, CVE-2025-21043, was fixed later in September to prevent similar attacks.

LANDFALL Spyware Targets Samsung Galaxy Devices

Between July 2024 and February 2025, several malicious DNG image files carrying the LANDFALL spyware were discovered online. The issue was first reported to Samsung in September 2024 and was patched in April 2025 through a firmware update. Later, in September 2025, another related security flaw, CVE-2025-21043, was also fixed to further strengthen device protection.

Mobile malware often relies on a chain of multiple vulnerabilities to fully compromise a device. LANDFALL is modular spyware built for spying and stealing data from infected phones. Researchers at WhatsApp also found a related DNG flaw, tracked as CVE-2025-21043, and reported it to Samsung.

As per reports, LANDFALL was specifically developed to target Samsung Galaxy devices. The targeted models included the Samsung Galaxy S23 Series, Samsung Galaxy S24 Series, Samsung Galaxy S22, Samsung Galaxy Z Fold 4, and Samsung Galaxy Z Flip 4. The spyware enabled attackers to secretly record audio, track location, and access personal data like photos, contacts, and call logs. The campaign primarily affected users in Middle Eastern countries like Iraq, Iran, Turkey, and Morocco.

TruLY Score 3 – Believable; Needs Further Research | On a Trust Scale of 0-5, this article has scored 3 on LatestLY. This article appears believable but may need additional verification. It is based on reporting from news websites or verified journalists (Unit 42), but lacks supporting official confirmation. Readers are advised to treat the information as credible but continue to follow up for updates or confirmations.

(The above story first appeared on LatestLY on Nov 10, 2025 03:58 PM IST.)