If you use a Samsung Galaxy smartphone, you need to stay cautious. Samsung device users should be especially careful before downloading images from unknown individuals: an image may look harmless yet contain spyware capable of taking over your smartphone.
What is the Spyware?
A newly exposed spyware campaign, which ran quietly for almost a year, exploited a flaw in Samsung’s software to infiltrate phones without so much as a tap from the victim. The operation, uncovered by Palo Alto Networks’ Unit 42, hid a commercial-grade spyware called Landfall inside seemingly harmless photos and spread it through messaging apps.
The installation is so simple and effortless that victims might not even know the spyware has been installed on their Samsung device. There are no links that scammers ask people to click and no suspicious third-party apps to install; simply downloading an image from an unknown person on WhatsApp is enough for the damage to be done.
Hackers used a DNG image file:
The flaw the attackers exploited is a vulnerability tracked as CVE-2025-21042 in Samsung’s image-processing library. According to Unit 42, attackers weaponised Digital Negative (DNG) image files, disguising them as ordinary JPEGs, and slipped them through messaging apps like WhatsApp. Once received, these images could silently compromise the phone, a textbook “zero-click” attack.
Once downloaded onto the smartphone, Landfall becomes a full-fledged spy. It will listen to all calls, scour photos and messages, browse through contacts, record conversations, and even track the user’s location. The targets, mostly Galaxy S22, S23, S24, Z Fold 4, and Z Flip 4 users, were spread across parts of the Middle East, including Turkey, Iran, Iraq, and Morocco.
When was the spyware first identified?
Researchers said that the spyware was first detected in mid-2024 and ran undetected for months. Samsung was reportedly informed about the issue in September 2024 but only pushed out a patch in April 2025, leaving devices exposed for almost half a year. While the flaw is now fixed, the episode highlights how even top-tier phones aren’t immune to silent surveillance.
For now, Samsung users who’ve kept their phones updated are safe. But the Landfall episode is yet another reminder that spyware is evolving fast, and sometimes, it doesn’t even need you to tap “download” before it moves in. Therefore, individuals should never download media files from unknown individuals on social media apps and should always keep their smartphones updated with the latest security patches.
