'Landfall' Spyware Exploited Samsung Galaxy Phones in Middle East for Months

"Landfall" spyware secretly targeted Samsung Galaxy users, exploiting a zero-day via WhatsApp, evading detection and raising surveillance concerns.

By Content Team

Nov 8, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Security researchers discovered sophisticated spyware called "Landfall" that secretly targeted Samsung Galaxy users across Iraq, Iran, Turkey, and Morocco from mid-2024 through April 2025. The malware exploited a critical zero-day vulnerability in Samsung's image processing library, delivered through weaponized image files sent via WhatsApp.

Landfall could record conversations, track locations, capture photos, and steal contacts from high-end Galaxy devices like the S22, S23, and S24 series. Palo Alto Networks' Unit 42 team found the spyware had advanced detection evasion capabilities and linked it to commercial-grade surveillance operations similar to NSO Group's Pegasus.

Samsung patched the vulnerability after researchers privately reported it, but the campaign highlights how commercial spyware vendors increasingly target mobile platforms for government surveillance.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Saudi Arabia Ordered to Pay £3m to London Dissident Over Pegasus Spying

Jan 29, 2026

Signal Warns Users After Russian Hackers Target Officials Through Phishing Scams

Mar 11, 2026

Massive Healthcare Cyberattack Paralyzes Medical Billing Across America

Mar 6, 2026

Microsoft Kicks Off 2026 With 112 Security Patches, Including Active Zero-Day Attack

Jan 14, 2026