A recently discovered cyber-espionage campaign compromised Samsung Galaxy phones for almost ten months using a previously unknown Android spyware called Landfall.
The attack exploited a critical zero-day vulnerability in Samsung's image-processing library, tracked as CVE-2025-21042, which let attackers take over a device by sending it a malicious image file, usually through WhatsApp.
The attackers embedded the exploit in corrupted Digital Negative (DNG) files that masqueraded as regular JPEG pictures.
Once activated, Landfall could record audio, track GPS location, retrieve contacts, messages, photos, and call logs, as well as turn on the camera and microphone on the device.
There is evidence that the campaign was centred in the Middle East, with victims reported in Morocco, Iran, Iraq, and Turkey.
Unit 42 described it as a "precision espionage" operation rather than mass-distribution malware.
Samples date back to July 2024, and the vulnerability remained unpatched until Samsung issued an emergency fix in April 2025. According to researchers, the exploit was in use for about ten months before mitigation.
In the April 2025 security update, Samsung fixed CVE-2025-21042, resolving the problem. All Galaxy owners have been advised by the company to update their firmware.
Five Samsung models, however, will no longer receive security patches as of November 2025 because their software support has officially ended.
Although the current Landfall campaign is thought to be dormant following the patch, this leaves millions of older devices open to future exploits.
More than one billion Android devices worldwide are out of date, according to analysts, which makes them vulnerable to similar zero-day attacks.
Owners of Galaxy devices should confirm that they are running Android 13-15 and that the April 2025 security patch or a later one has been applied.
Turning off automatic media downloads in WhatsApp and other messaging apps reduces the risk. Upgrading to a newer model is the safest option for devices that are no longer supported.
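Because the malicious images were DNG files presented as JPEG pictures, a defender reviewing a copy of a device's media folder can look for files whose JPEG name does not match their content. The following is an added example, not code from the article or from Unit 42; the function names and the constructed sample header are assumptions made for illustration.

```python
import os
import struct

JPEG_MAGIC = b"\xff\xd8\xff"
TIFF_MAGICS = (b"II*\x00", b"MM\x00*")  # TIFF byte-order marks; DNG is a TIFF container
DNG_VERSION_TAG = 0xC612                # DNGVersion tag (50706) from the DNG specification
JPEG_EXTS = (".jpg", ".jpeg")
# Constructed sample: minimal little-endian TIFF header whose IFD0 holds only DNGVersion.
CONSTRUCTED_DNG = (b"II*\x00" + struct.pack("<IH", 8, 1)
                   + struct.pack("<HHI4sI", DNG_VERSION_TAG, 1, 4, b"\x01\x04\x00\x00", 0))

def has_dng_tag(data: bytes) -> bool:
    """Walk IFD0 for DNGVersion; a truncated or out-of-range IFD yields False."""
    endian = "<" if data[:2] == b"II" else ">"
    try:
        (ifd_off,) = struct.unpack_from(endian + "I", data, 4)
        (count,) = struct.unpack_from(endian + "H", data, ifd_off)
        for i in range(count):
            (tag,) = struct.unpack_from(endian + "H", data, ifd_off + 2 + 12 * i)
            if tag == DNG_VERSION_TAG:
                return True
    except struct.error:
        pass
    return False

def classify(header: bytes) -> str:
    """Classify by leading bytes, ignoring the file name."""
    if header.startswith(JPEG_MAGIC):
        return "jpeg"
    if header[:4] in TIFF_MAGICS:
        return "dng" if has_dng_tag(header) else "tiff"
    return "other"

def find_disguised(root: str, read_len: int = 65536):
    """Return (path, real_type) for files named as JPEG whose content is TIFF/DNG."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(JPEG_EXTS):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    kind = classify(fh.read(read_len))
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if kind in ("tiff", "dng"):
                hits.append((path, kind))
    return hits
```

A hit only means the name and the content disagree, so it marks a file for closer inspection and is not a verdict. Files whose IFD0 lies beyond the bytes read are still reported, as `tiff`.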