A sophisticated spyware campaign successfully infected Samsung Galaxy phones for more than a year. The attack exploited a critical security flaw in the devices’ image processing. It was delivered through manipulated images sent via WhatsApp.
The breach gave attackers complete access to personal data. According to Reuters, the spyware operated undetected across several Middle Eastern countries.
LandFall Spyware Used Zero-Day Exploit
The malicious software, identified as LandFall, used a zero-day vulnerability. This flaw was in Samsung’s Android image processing library. Attackers could execute remote code without user interaction.
Simply receiving a specially crafted image on WhatsApp was enough to trigger the infection. Users did not need to click a link or download a file. This method made the threat highly effective and difficult to detect.
Palo Alto Networks’ Unit 42 discovered the campaign. Their report suggests it was a commercial surveillance tool. Infections have been traced back to July 2024.
Patched Vulnerability Highlights Update Importance
Samsung addressed the flaw, tracked as CVE-2025-21042, in its April 2025 security patch. The update is available for many recent models. This incident underscores the critical need for regular security updates.
Affected devices included the Galaxy S23 and S24 series. Some Galaxy Z foldable phones were also vulnerable. The newly released Galaxy S25 was not susceptible to this specific attack.
The spyware could access messages, photos, and real-time location data. It could also activate the microphone for live eavesdropping. The breach represents a significant privacy violation for targeted individuals.
This Samsung Galaxy spyware incident reveals the evolving nature of mobile threats. Keeping device software updated is the primary defense against such exploits. User vigilance remains essential in the digital age.
Info at your fingertips
Which Samsung phones were affected by the spyware?
The breach impacted the Galaxy S23 and S24 series. Some Galaxy Z fold and flip models were also vulnerable. The newer Galaxy S25 was not affected by this particular exploit.
How did the spyware get onto phones?
It was delivered through manipulated images sent via WhatsApp. Opening the image was enough to trigger the infection. No download or link click was required from the user.
Has the security flaw been fixed?
Yes, Samsung patched the vulnerability in its April 2025 security update. The patch is identified as CVE-2025-21042. Users should ensure their devices have installed this update.
What could the spyware access on an infected phone?
It granted attackers extensive access to personal data. This included text messages, contact lists, and live location. The spyware could also activate the camera and microphone remotely.
Who was targeted in this attack?
Evidence points to targeted individuals in specific countries. Infections were found in Turkey, Morocco, Iran, and Iraq. The campaign appears to have been used for surveillance purposes.
Trusted Sources
Palo Alto Networks Unit 42, Reuters, Samsung Mobile Security
Meta Details
জুমবাংলা নিউজ সবার আগে পেতে Follow করুন জুমবাংলা গুগল নিউজ, জুমবাংলা টুইটার , জুমবাংলা ফেসবুক, জুমবাংলা টেলিগ্রাম এবং সাবস্ক্রাইব করুন জুমবাংলা ইউটিউব চ্যানেলে।
