Warning for Samsung Galaxy Users: Spyware ‘Landfall’ Found Stealing Data for Nearly a Year

Cybersecurity researchers from Palo Alto Networks’ Unit 42 have discovered a dangerous Android spyware called Landfall, which has been targeting Samsung Galaxy devices for nearly a year, stealing sensitive user data without detection.

The spyware spread through a malicious DNG image sent via messaging apps like WhatsApp, exploiting a zero-day vulnerability — unknown to Samsung at the time — to take full control of the infected device.

Once activated, Landfall could access photos, messages, contacts, call logs, location data, and even the microphone. According to the report, the first signs of the campaign appeared in July 2024, but Samsung only patched the flaw (CVE-2025-21042) in April 2025, leaving users exposed for months.

The vulnerability resided in ‘libimagecodec.quram.so’, allowing remote attackers to execute arbitrary code without user interaction. The main affected models include the Galaxy S22, S23, S24, and some Galaxy Z devices running Android 13 to 15.

Researchers believe the campaign was a targeted espionage operation, primarily affecting users in the Middle East, and possibly linked to private-sector offensive actors (AOSP).

It remains unclear who developed Landfall or how many users were affected, but senior researcher Itay Cohen described it as a “precision attack” rather than a widespread infection.

Samsung has released a security patch, and experts strongly advise all Galaxy users to update their devices immediately to stay protected.