By Eliza Popova
This vulnerability allowed hackers to inject the LANDFALL spyware onto various Samsung devices, including Galaxy smartphones. As the publication explains, a zero-day vulnerability is a vulnerability that no one knows about, and the developer is given zero days to develop a way to fix it. As it turned out, Samsung was able to remove the LANDFALL vulnerability only in April 2025, and before that the spyware had been operating undetected for about a year — that is, since about July 2024.
And officially, the fact that there is a problem with LANDFALL was not announced at all for a long time. According to the publication citing information from experts, LANDFALL was embedded in malicious DNG image files sent via WhatsApp. By the way, as for the involvement of the WhatsApp messenger itself in the distribution of the Samsung exploit, according to the Forbes report, its owner - the company Meta - categorically denies any involvement.
The spyware used microphone recording, location tracking, and photos to track users. Experts say that LANDFALL was developed specifically for attacks on the Samsung Galaxy line of devices. These attacks used a garbled image file that was deliberately corrupted to trigger a vulnerability in the software that reads the file. As soon as the malicious image landed on the target Galaxy phone, the device was compromised.
The Galaxy S22, Galaxy S23 and Galaxy S24 series, as well as the Z Fold 4 and Z Flip 4 foldable smartphones are among the Samsung phones that were most prone to LANDFALL attacks. At the same time, it is noted that the flagship Galaxy S25 series was not attacked. Security experts are now advising Samsung Galaxy users with Android 13-15 devices to make sure they install the April 2025 Android security update or later.
USA
Українська
English
Français
Deutsch
Italiano
Polski
Čeština
Español
Slovensku
