Security researchers discovered sophisticated spyware called "Landfall" that secretly targeted Samsung Galaxy users across Iraq, Iran, Turkey, and Morocco from mid-2024 through April 2025. The malware exploited a critical zero-day vulnerability in Samsung's image processing library, delivered through weaponized image files sent via WhatsApp.
Landfall could record conversations, track locations, capture photos, and steal contacts from high-end Galaxy devices like the S22, S23, and S24 series. Palo Alto Networks' Unit 42 team found the spyware had advanced detection evasion capabilities and linked it to commercial-grade surveillance operations similar to NSO Group's Pegasus.
Samsung patched the vulnerability after researchers privately reported it, but the campaign highlights how commercial spyware vendors increasingly target mobile platforms for government surveillance.
Source: Dark Reading