A new report from Palo Alto Networks’ Unit 42 has uncovered “LANDFALL,” a sophisticated Android spyware that targeted Samsung Galaxy phones using a zero-day vulnerability in Samsung’s image processing library.
The attack spread through malicious DNG image files sent via apps like WhatsApp, allowing hackers to secretly steal photos, contacts, call logs, microphone recordings and location data without user interaction.
The flaw affected devices running One UI 5–7 (Android 13–15), including the Galaxy S22, S23, S24, Z Fold 4 and Z Flip 4, and was active mainly in the Middle East during 2024–2025.
Samsung patched the issue in April 2025, so users are urged to update to the latest software and security patch to stay protected.
Source: Android Authority
