A new Android spyware called Landfall exploited a zero-day vulnerability in Samsung devices for remote code execution, primarily targeting users in the Middle East and North Africa. The attack used specially crafted DNG images sent via WhatsApp to deliver the spyware, which provides spying capabilities such as microphone recording and data theft. #CVE-2025-21042 #Landfall #SamsungGalaxy #StealthFalcon
Key points
- Landfall is spyware that targets Samsung Galaxy smartphones via a zero-day vulnerability.
- The vulnerability, CVE-2025-21042, was patched in April but had been exploited in the wild since July 2024.
- The attack utilized specially crafted DNG images sent through WhatsApp to deliver the spyware.
- Landfall enables spying features such as microphone recording, location tracking, and data exfiltration.
- The threat actor behind Landfall remains unidentified but shows potential links to surveillance groups like Stealth Falcon, NSO, Variston, and Cytrox.
Read More: https://www.securityweek.com/landfall-android-spyware-targeted-samsung-phones-via-zero-day/