What is Landfall spyware, and how to protect your Samsung Galaxy phones from it
Landfall is a zero-click spyware targeting Samsung Galaxy S22, S23, S24, and Z models through a flaw in Android’s image system.
It secretly steals data, records audio, and tracks location; linked to state-backed group Stealth Falcon.
Samsung patched the issue in April 2025; users should update devices and avoid suspicious images or links.
Cybersecurity researchers at Unit 42 (the threat intelligence team of Palo Alto Networks) discovered a dangerous new spyware named Landfall. The spyware is being described as one of the most severe smartphone threats of the year. According to the reports, the spyware has been secretly targeting Samsung Galaxy phones, including the S22, S23, S24, and Z series, by exploiting a hidden flaw in Android’s image processing system. What makes Landfall especially alarming is its “zero-click” attack method. Using this method, it can hijack a phone through a single malicious image sent via a messaging app, without the user clicking or downloading anything.
Victims, mainly from the Middle East, reportedly had their personal data, photos, and chats stolen without realising it. Although Samsung patched the vulnerability in April 2025, experts warn that the spyware had been active for months before detection. The discovery raises fresh concerns about smartphone security worldwide, including in India. Here we have covered all the details, including what Landfall spyware is and how to protect your Samsung Galaxy phones from it.
What is Landfall spyware, and how does it work?
Landfall is an advanced surveillance tool that allows attackers to secretly collect personal information from targeted devices. Once installed, it can access photos, call logs, contacts, and messages, while also activating the microphone and GPS to track the user’s movements. Researchers said the spyware was distributed through tampered DNG (Digital Negative) image files that exploit a critical zero-day vulnerability tracked as CVE-2025-21042.
As per the reports, Landfall spyware is capable of the following things:
- Accessing photos, contacts, call logs, and messages.
- Recording audio using the device’s microphone.
- Tracking the user’s real-time location through GPS.
- Collecting information about installed apps and system configurations.
The researchers found that the spyware was active on Samsung devices running Android versions 13 through 15. The affected models included flagship Galaxy S-series phones, mainly the Galaxy S22, S23, and S24, and some Galaxy Z models.
Samples of Landfall were detected across devices in countries like Iran, Iraq, Turkey, and Morocco. While the exact source remains unknown, Unit 42 noted similarities between Landfall’s digital infrastructure and that of a known spyware operator called Stealth Falcon, previously linked to state-sponsored surveillance campaigns.
While Samsung issued a security patch in April 2025 to address the flaw, Unit 42’s analysis suggests that the spyware had been operational since mid-2024, meaning attackers had a significant head start before the vulnerability was fixed.
Who was behind Landfall, and what’s their motive?
While the exact group behind Landfall remains unknown, researchers have found digital footprints linking it to Stealth Falcon, a spyware vendor known to have been involved in state-sponsored cyber operations in the Middle East. According to cybersecurity firm Unit 42, Landfall was never designed for large-scale infections but was instead a precision play that might have targeted journalists, activists, and political figures; the motive, therefore, is surveillance rather than cybercrime. The campaign, according to experts, mirrors what state-backed tools such as NSO Group’s Pegasus have been doing, which made global headlines for similar reasons.
How to protect a Samsung device from Landfall
While Samsung has already released a patch to fix the vulnerability exploited by Landfall, users should take several precautions to ensure their devices remain secure.
- Ensure that your device is updated with the latest system and security patches. Samsung’s April 2025 update fixed the Landfall issue, but new threats can appear anytime.
- Don’t open images, links, or attachments from unknown or suspicious sources, even if they seem trusted.
- Enable Samsung Knox and Google Play Protect for real-time protection and app scanning.
- Download apps only from official stores like Google Play, not from third-party websites.
- Watch for warning signs like fast battery drain, overheating, high data use, or strange app permissions.
- Use a trusted antivirus app for extra protection, especially if you handle personal or work data.
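For anyone checking more than one phone, the first item in the list can be verified from the device's own properties. The following is an added example, not code from the article or from Unit 42: it parses the output of `adb shell getprop` and compares the Android security patch level against the April 2025 update named above. The two sample dumps are constructed, and the status labels are this example's own.

```python
import re
from datetime import date

# Cut-off taken from the article: Samsung's fix shipped in the April 2025 update.
FIXED_PATCH = date(2025, 4, 1)
# Android releases the article lists as affected (13 through 15).
AFFECTED_RELEASES = range(13, 16)

# `adb shell getprop` prints one property per line as `[key]: [value]`.
_PROP = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<val>[^\]]*)\]$")

# Constructed sample dumps, trimmed to the three properties this check reads.
SAMPLE_UNPATCHED = """[ro.product.manufacturer]: [samsung]
[ro.build.version.release]: [14]
[ro.build.version.security_patch]: [2025-02-01]"""
SAMPLE_PATCHED = """[ro.product.manufacturer]: [samsung]
[ro.build.version.release]: [15]
[ro.build.version.security_patch]: [2025-05-01]"""


def parse_getprop(dump: str) -> dict:
    """Turn getprop output into a dict, ignoring lines that do not match."""
    props = {}
    for line in dump.splitlines():
        m = _PROP.match(line.strip())
        if m:
            props[m["key"]] = m["val"]
    return props


def assess(dump: str) -> str:
    """Return 'not-samsung', 'patched', 'needs-update', 'outdated' or 'unknown'."""
    p = parse_getprop(dump)
    if p.get("ro.product.manufacturer", "").lower() != "samsung":
        return "not-samsung"
    try:
        patch = date.fromisoformat(p["ro.build.version.security_patch"])
        release = int(p["ro.build.version.release"].split(".")[0])
    except (KeyError, ValueError):
        return "unknown"  # property missing or malformed: check the phone by hand
    if patch >= FIXED_PATCH:
        return "patched"
    # Below the cut-off: separate the releases the article names from the rest.
    return "needs-update" if release in AFFECTED_RELEASES else "outdated"


if __name__ == "__main__":
    for name, dump in (("unpatched", SAMPLE_UNPATCHED), ("patched", SAMPLE_PATCHED)):
        print(name, "->", assess(dump))
```

A "patched" result only says the April 2025 fix is installed; it does not show whether the phone was compromised before the update.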
Are iPhone users affected too?
Interestingly, the researchers noted that Apple patched a similar zero-day vulnerability in August 2025. The flaw affected iPhones’ image processing systems in a way comparable to Landfall’s exploit chain. Although Unit 42 could not confirm if the same group was behind both attacks, it observed a growing trend of cybercriminals exploiting image-processing vulnerabilities across mobile platforms.
“The parallel development of these vulnerabilities in both Android and iOS ecosystems points to a wider pattern of sophisticated exploitation techniques,” Unit 42 said in its report.
In response, Apple introduced a new system called Memory Integrity Enforcement (MIE) in its A19 and A19 Pro chips. This feature helps detect and block memory-based exploits used by spyware like Pegasus and Landfall.
Landfall raises broader cybersecurity concerns
Itay Cohen, a senior principal researcher at Unit 42, said, “Landfall is another reminder that advanced spyware is no longer limited to a few high-profile cases. It represents a growing threat to personal privacy and digital freedom.”
While most Indian Samsung users may not have been targeted in the Landfall campaign, experts say the incident serves as a wake-up call to take device security seriously. Zero-day vulnerabilities, by their nature, are difficult to detect before they are patched, making timely software updates and cautious online behaviour the best defence.
Bhaskar Sharma
Bhaskar is a senior copy editor at Digit India, where he simplifies complex tech topics across iOS, Android, macOS, Windows, and emerging consumer tech. His work has appeared in iGeeksBlog, GuidingTech, and other publications, and he previously served as an assistant editor at TechBloat and TechReloaded. A B.Tech graduate and full-time tech writer, he is known for clear, practical guides and explainers.