The most innocent file on your phone—a digital photograph—turned out to be a Trojan horse for nearly a year. A powerful, commercial-grade surveillance tool dubbed LANDFALL successfully exploited a secret flaw in Samsung Galaxy phones, allowing hackers to gain complete control simply by sending a malicious image.
Samsung patched the core zero-day vulnerability (CVE-2025-21042) in the Galaxy’s image processing library in April 2025. However, security researchers confirmed the targeted attacks were already active in the wild as early as July 2024. It was a really simple attack to carry out in relation to its severity. The flaw was hidden deep within the Galaxy’s photo handling component, waiting for a malicious DNG image file to trigger it.
Samsung Galaxy S phone flaw allowed full surveillance via LANDFALL spyware
Attackers allegedly sent victims a corrupted DNG file, often disguised with common names like “WhatsApp Image…” This file contained an embedded ZIP archive. The exploit chain then forced the phone to unpack and execute LANDFALL, often without the user needing to interact with the image at all. Yes, this was a “zero-click” attack capable of evading user suspicion.
Once activated, LANDFALL transformed the targeted Samsung phone into a total spy machine. It was capable of collecting sensitive data: recording the microphone, tracking location, and stealing photos, contacts, SMS, and call logs. The spyware specifically targeted high-end flagships, including the Galaxy S22, S23, and S24 series. Various Z Fold and Z Flip models were also affected. Researchers tracked the attacks to individuals in the Middle East, specifically Iraq, Iran, Turkey, and Morocco.
The professional level of LANDFALL suggests development by a sophisticated vendor. Analysis of the spyware’s infrastructure showed intriguing overlaps with an infamous surveillance group known as Stealth Falcon. This group has past associations with state-level espionage.
It seems the attack chain was part of a broader trend. A similar DNG image flaw also recently exploited iOS devices.
The post Galaxy Zero-Day: Spyware Hid in Samsung Phones for Nearly a Year appeared first on Android Headlines.
