Landfall Spyware Targeted Samsung Phone Flaw, Attackers Still Unknown

Samsung Galaxy phones have been targeted by Android spyware dubbed Landfall, and for nearly a year, the attack went unpatched, running rampant throughout the Middle East. Unit 42 has recently released an in-depth report on the spyware and how it works, showcasing how a weakness in Samsung's image processing library allowed for Landfall to execute arbitrary code on victims' devices. Unit 42's findings indicate that the attack was not deployed on the larger Internet like Herodotus, but rather toward specific individuals in the Middle East, and exact motivations or identities of the attackers in question remain unknown.

Thankfully, the CVE-2025-21042 vulnerability that provided the attack vector for this spyware has been patched by Samsung since April 2025. But this was only after the attack was already in use since at least mid-2024, and Unit 42's research indicated that the attack was used for comprehensive surveillance of compromised ...