This Spyware Targeted Samsung Phones Using Malicious Images

A cybersecurity vendor has revealed how a spyware attack exploited a serious flaw in Samsung software for several months to target specific users. This vulnerability, identified as CVE-2025-21042, relates to a bug in an image processing library on Samsung phones.

Although Samsung issued a patch in April 2025, a commercial-grade spyware called “Landfall” took advantage of this flaw starting in mid-2024, according to the Unit 42 cybersecurity team from Palo Alto Networks.

How Landfall Operated

“Landfall was embedded in malicious image files (DNG file format) that appear to have been sent via WhatsApp,” Unit 42 explained in their report.

The spyware specifically targeted Samsung Galaxy devices, including the S22, S23, S24, Z Fold4, and Galaxy Z Flip 4 series, primarily in the Middle East, covering countries such as Iraq, Iran, Turkey, and Morocco.

Spyware Capabilities and Impact

Unit 42 also found evidence suggesting Landfall could infect devices without any user interaction, a technique known as a “zero-click” attack.

Discovery Method

Unit 42 identified this spyware attack by searching Google’s VirusTotal, a platform where users submit suspicious programs for malware testing.

Author’s summary: The Landfall spyware exploited a Samsung image processing flaw via WhatsApp images to silently compromise high-profile Galaxy devices in the Middle East starting mid-2024.

PCMag PCMag — 2025-11-07