Samsung phones were vulnerable to data-stealing malware for over a year

A new report suggests that Samsung Galaxy phones were attacked with zero-day spyware that could steal personal data, and it was reportedly widely used.

Palo Alto Networks Unit 42, the research arm of the global cybersecurity company, discovered a previously unknown family of spyware it called “LANDFALL”. According to Android Authority, this spyware is part of a larger pattern that has been detected and patched on multiple platforms, including iOS.

On Android, hackers took advantage of a zero-day vulnerability in Samsung's Android imaging library to distribute spyware. This spyware was then used as a surveillance tool. As mentioned earlier, this vulnerability was reportedly exploited before Samsung patched it in April this year, months after the attacks were reported.

In the LANDFALL attacks, attackers used a DNG file containing spyware and distributed it through messaging applications such as Meta's WhatsApp. When the device processed the image, it inadvertently downloaded the spyware along with it. The spyware then allowed remote operators to extract data (photos, call logs, microphone recordings, and location tracking data). There were also tools to help the spyware remain undetected, making it difficult to remove.

Palo Alto Networks Unit 42 believes LANDFALL was active in the Middle East between 2024 and early 2025 and was also used in targeted intrusions.

Android Authority noted that Samsung One UI 5–One UI 7 (based on Android 13–Android 15) are potentially vulnerable, along with several targeted devices: Samsung Galaxy S22, Galaxy S23, Galaxy S24, Galaxy Z Fold 4 and Galaxy Z Flip 4.

Source: Android Authority
