Security researchers uncovered LANDFALL, a sophisticated spyware campaign targeting Samsung Galaxy phones using a zero-day exploit. The campaign appears to be driven by espionage motives, with potential links to Middle Eastern threat actors.
Keypoints
- LANDFALL is a commercial-grade spyware used in a targeted hacking campaign against Galaxy phones.
- The spyware exploits a zero-day vulnerability in the phones' image processing libraries, tracked as CVE-2025-21042.
- Attackers used malformed DNG images with embedded ZIP archives sent via WhatsApp to exfiltrate data.
- The campaign shares infrastructure patterns with spyware linked to Middle Eastern private sector actors and possibly Stealth Falcon.
- Targeted devices include the Galaxy Z Fold4, Galaxy Z Flip4, and the S22, S23, and S24 series models, with potential targets in Iraq, Iran, Turkey, and Morocco.
Read More: https://therecord.media/landfall-spyware-middle-east-appears-commercial-grade