The LANDFALL operation targeted Samsung Galaxy devices by exploiting a zero-day vulnerability, specifically CVE-2025-21042, in Samsung’s image processing library. This critical flaw was first reported in mid-2024 and allowed attackers to infiltrate devices using malformed DNG files disguised as images, leading to the installation of Android malware capable of extensive surveillance capabilities including access to microphones, GPS tracking, and personal data harvesting.
The attack exploited vulnerabilities present in devices running Android versions 13 to 15, particularly the Galaxy S22, S23, S24, and Z series. The stealthy nature of the exploit suggested it was aimed at targeted espionage, likely linked to state-sponsored actors in the Middle East, where such surveillance operations have been increasingly common. Despite the release of patches in September 2025, experts highlight the importance of vigilance among users and timely updates to software, as the threats from private-sector offensive actors and commercial spyware remain significant and evolving.
👉 Pročitaj original: Cyber Security News
