Samsung’s LANDFALL: How to Avoid a Spyware Avalanche
Unit 42 researchers have discovered LANDFALL, a crafty Android spyware family targeting Samsung Galaxy devices. Delivered via a zero-day vulnerability (CVE-2025-21042) in Samsung’s image processing library, LANDFALL sneaks into devices through malicious image files. Think of it as a sneaky photo-bomber with spyware ambitions!
Hot Take:
Samsung’s Android devices were the unsuspecting stars of a spy thriller involving a villainous zero-day vulnerability and a sneaky Android spyware family named LANDFALL. The real plot twist? It all started with a seemingly innocent DNG image file! Move over, Hollywood – we’ve got a new blockbuster in the making, and it’s called “LANDFALL: The Spyware Strikes Back.”
Key Points:
- LANDFALL is a newly discovered Android spyware targeting Samsung Galaxy devices through a zero-day vulnerability.
- Attackers exploited CVE-2025-21042, a flaw in Samsung’s image processing library, using malicious DNG image files.
- LANDFALL enabled extensive surveillance, including microphone recording and location tracking.
- The exploit chain possibly involved zero-click delivery via WhatsApp, echoing recent iOS and Samsung Galaxy exploits.
- The campaign shares infrastructure patterns with known spyware operations, hinting at private-sector offensive actor involvement.
Already a member? Log in here