People Using These Samsung Galaxy Smartphones Need To Update Them Immediately: Spyware Landfall Exposed
Samsung Galaxy models such as S22, S23, S24, Z Fold 4, and Z Flip 4 are the ones found to be affected by the spyware.
Published : November 10, 2025 at 12:23 PM IST
Hyderabad: Samsung Galaxy smartphone users need to be cautious. They need to be careful before downloading any images from unknown individuals that might look harmless, but could contain spyware capable of hacking their smartphones.
A sophisticated cyber spying campaign, Landfall, which ran quietly for almost a year, has been discovered. The spyware exploited a flaw in Samsung’s software to infiltrate devices without the victim needing to click anything or download any app or software.
It hides inside Digital Negative (DNG) image files, which are disguised as regular JPEG photos and sent via messaging apps like WhatsApp. The malicious code automatically gets activated when the image reaches a device, even without the victim opening or clicking it. This is known as a zero-click attack.
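A triage check for the disguise described above, as an added example that is not from the article or from Unit 42's report: it flags files whose name claims JPEG but whose bytes are a TIFF container, and reports DNG when the first image directory carries the DNGVersion tag. The function names and the sample bytes are constructed for illustration, and a match only means the file deserves closer inspection.

```python
import struct

DNG_VERSION_TAG = 0xC612  # DNGVersion (50706), defined by the DNG specification
JPEG_EXTENSIONS = (".jpg", ".jpeg")


def is_jpeg(data: bytes) -> bool:
    """JPEG streams begin with the SOI marker FF D8 followed by another FF marker."""
    return data[:3] == b"\xff\xd8\xff"


def tiff_ifd0_tags(data: bytes):
    """Return the tag ids found in the first TIFF image directory, or None if not TIFF."""
    order = {b"II": "<", b"MM": ">"}.get(data[:2])  # little- or big-endian header
    if order is None or len(data) < 8:
        return None
    magic, ifd_offset = struct.unpack(order + "HI", data[2:8])
    if magic != 42 or ifd_offset + 2 > len(data):
        return None
    (count,) = struct.unpack(order + "H", data[ifd_offset:ifd_offset + 2])
    tags = set()
    for i in range(count):
        start = ifd_offset + 2 + 12 * i  # each directory entry is 12 bytes
        entry = data[start:start + 12]
        if len(entry) < 12:  # truncated directory: stop instead of raising
            break
        tags.add(struct.unpack(order + "H", entry[:2])[0])
    return tags


def classify(filename: str, data: bytes) -> str:
    """Compare what the file name claims with what the bytes actually are."""
    claims_jpeg = filename.lower().endswith(JPEG_EXTENSIONS)
    tags = tiff_ifd0_tags(data)
    if tags is not None:
        kind = "dng" if DNG_VERSION_TAG in tags else "tiff"
        return f"mismatch:{kind}-named-as-jpeg" if claims_jpeg else kind
    return "jpeg" if is_jpeg(data) else "unknown"


def build_sample_dng() -> bytes:
    """Constructed sample: minimal TIFF header plus one directory entry, DNGVersion 1.4.0.0."""
    header = b"II" + struct.pack("<HI", 42, 8)
    entry = struct.pack("<HHI4s", DNG_VERSION_TAG, 1, 4, bytes([1, 4, 0, 0]))
    return header + struct.pack("<H", 1) + entry + struct.pack("<I", 0)
```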
How does Landfall work?
According to a report by Unit 42 at Palo Alto Networks, Landfall targets a vulnerability known as CVE-2025-21042 present within Samsung’s image processing library.
Once a victim receives an infected DNG file, the spyware gets access to the phone’s camera, microphone, files, location, and call logs.
It turns Samsung Galaxy phones into full-fledged surveillance devices, capable of recording calls, stealing photos and messages, accessing contacts, and tracking user activities in real-time.
The Landfall spyware affects Samsung Galaxy devices such as S22, S23, S24, Z Fold 4, and Z Flip 4, which are primarily located in Turkey, Iran, Iraq, and Morocco, countries within the Middle East.
What should Samsung Galaxy users do?
The South Korean tech giant has confirmed that devices running the latest software updates are now protected, as the company patched the vulnerability.
Those users who have not yet updated their handset can go to Settings > Software update > Download and install.
Landfall: Timeline and possible espionage groups
The Landfall campaign began in mid-2024 and ran undetected for several months. Although the security flaw was reported to Samsung, the security patch was released in April 2025.
The spyware was detected by Unit 42 while scanning Google’s VirusTotal, which is a database of suspicious files uploaded by users worldwide. It contained several infected DNG files uploaded from the Middle East, which were found to contain malicious code.
Unit 42 states that the Landfall campaign is run by a cyber-espionage group called Stealth Falcon, which was previously linked to spyware attacks on journalists and human rights activists in the UAE.