Landfall Android Spyware Targeted Samsung Phones via Zero-Day

A recently discovered Android spyware has been delivered to Samsung device owners through the exploitation of a zero-day vulnerability, Palo Alto Networks reported on Friday.

The spyware, named Landfall by Palo Alto Networks, exploited a vulnerability identified as CVE-2025-21042, which impacts a Samsung image processing library and which can be exploited for remote code execution.

The attackers appear to have exploited CVE-2025-21042 by sending the targeted users a specially crafted DNG image through WhatsApp. The attacks seem to have been aimed at Samsung Galaxy phones and the threat actor may have delivered Landfall through a zero-click exploit.

The security firm noted that it has not identified any previously unknown WhatsApp flaws.

Landfall can target Samsung Galaxy S22, S23, S24, Z Fold4, and Z Flip4 phones. Once it has infected a device, the malware enables its operator to spy on the victim. The spyware has microphone recording, location tracking, and data ...