Sophisticated Spyware ‘Landfall’ Exploits Zero-Day Vulnerability in Samsung Galaxy Phones

This article was generated by AI and cites original sources.

Unit 42, the threat intelligence arm of Palo Alto Networks, recently uncovered a threat to Samsung Galaxy phone users: sophisticated spyware dubbed ‘Landfall.’ The malware used a zero-day exploit in Samsung’s Android software and posed a significant risk by allowing attackers to access a phone’s data and even control the camera or microphone without user interaction.

According to researchers, Landfall was first detected in July 2024 and remained active for nearly a year before Samsung released a patch in April 2025 to address the underlying vulnerability (CVE-2025-21042). While the specific targets of these attacks are believed to be individuals in the Middle East for surveillance purposes, the culprits behind Landfall remain unidentified.

Landfall could run as a zero-click attack, meaning it could compromise devices without any action from the user, which made it particularly insidious. The exploit was discovered only because similar bugs were found in Apple iOS and WhatsApp, which prompted further investigation that ultimately uncovered the Landfall attack strategy.

The attackers hid malicious payloads inside modified DNG files, a raw image file format. These files contained embedded ZIP archives carrying the harmful code, a sign of the sophistication behind this threat.
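A defender-side triage check for the container trick described above, added here as an example (it is not code from Unit 42, Samsung or Ars Technica): it flags TIFF-based image files such as DNG that also contain a parseable ZIP archive. It assumes the archive uses standard, non-ZIP64 ZIP structures; the function names and the sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile

TIFF_MAGICS = (b"II*\x00", b"MM\x00*")  # little- and big-endian TIFF; DNG is TIFF-based
EOCD_SIG = b"PK\x05\x06"                # ZIP end-of-central-directory record
LFH_SIG = b"PK\x03\x04"                 # ZIP local file header


def find_embedded_zip(data: bytes):
    """Return offset and member names of a ZIP inside a TIFF/DNG file, else None."""
    if data[:4] not in TIFF_MAGICS:
        return None                      # not a TIFF container at all
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):
        return None                      # no complete end-of-central-directory record
    # EOCD fields: total entries (+10), directory size (+12), directory offset (+16),
    # comment length (+20). The offset is relative to the start of the archive.
    entries, cd_size, cd_offset, comment_len = struct.unpack_from("<HIIH", data, eocd + 10)
    start = eocd - cd_size - cd_offset   # where the archive begins inside the image
    if start < 8 or data[start:start + 4] != LFH_SIG:
        return None                      # signature bytes were coincidental
    try:
        blob = data[start:eocd + 22 + comment_len]
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return None
    return {"zip_offset": start, "entries": entries, "names": names}


def build_sample(with_zip: bool) -> bytes:
    """Constructed test input: a minimal TIFF header, optionally followed by a ZIP."""
    tiff = b"II*\x00" + struct.pack("<I", 8) + b"\x00\x00" + b"\x00" * 4
    if not with_zip:
        return tiff
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("member.bin", b"harmless placeholder")
    return tiff + buf.getvalue()


if __name__ == "__main__":
    print(find_embedded_zip(build_sample(True)))
    print(find_embedded_zip(build_sample(False)))
```

A hit is a reason to quarantine the image for analysis, not proof of compromise on its own.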

As cybersecurity threats continue to evolve, it is crucial for both users and tech companies to remain vigilant against such exploits and promptly apply security patches to safeguard personal data and device integrity.

Source: Ars Technica