Landfall spyware targeting Samsung Galaxy phones
Malware Activity
Summary
Hide ▲
Show ▼
Landfall is an Android spyware operation that used CVE-2025-21042 in a Samsung image processing library to compromise Samsung Galaxy phones and enable surveillance plus data theft. The activity matters because the spyware could record microphone audio, track location, and steal photos, contacts, and call logs from infected devices. Evidence indicates the attacks were active since at least July 2024 and likely used a zero-click delivery path through WhatsApp. A later CISA alert also tied LANDFALL to a targeted campaign that exploited Samsung CVE-2025-21042 to deliver Android spyware to Galaxy devices in the Middle East.
Related Happenings
AirDrop and Quick Share fixes from Apple and Google
Security Patch Release
H score27
First: 30.06.2026 12:27
Last: 30.06.2026 12:27
Sources 1
About this happening:
**Apple** and **Google** have started shipping fixes for the disclosed **AirDrop** and **Quick Share** flaws, reducing exposure for nearby attacks against widely used sharing feat...
AirDrop and Quick Share fixes from Apple and Google
Security Patch ReleaseAbout this happening: **Apple** and **Google** have started shipping fixes for the disclosed **AirDrop** and **Quick Share** flaws, reducing exposure for nearby attacks against widely used sharing feat...
AirDrop and Quick Share nearby crash and session-bypass flaws security flaw
Vulnerability
H score1
First: 30.06.2026 12:27
Last: 30.06.2026 12:27
Sources 1
About this happening:
Nearby attackers can crash **AirDrop** and bypass **Quick Share** session checks, exposing **Apple**, **Samsung**, and **Google Windows** file-sharing stacks to local disruption a...
AirDrop and Quick Share nearby crash and session-bypass flaws security flaw
VulnerabilityAbout this happening: Nearby attackers can crash **AirDrop** and bypass **Quick Share** session checks, exposing **Apple**, **Samsung**, and **Google Windows** file-sharing stacks to local disruption a...
WhatsApp contempt motion against NSO Group
Regulatory/Legal Action
H score33
First: 09.06.2026 11:15
Last: 09.06.2026 11:15
Sources 1
About this happening:
WhatsApp moved the **US court** to hold **NSO Group** in contempt over a **permanent injunction** tied to spyware targeting of users. The company says NSO violated the order by us...
WhatsApp contempt motion against NSO Group
Regulatory/Legal ActionAbout this happening: WhatsApp moved the **US court** to hold **NSO Group** in contempt over a **permanent injunction** tied to spyware targeting of users. The company says NSO violated the order by us...
NSO Group WhatsApp spear-phishing campaign
Campaign
H score37
First: 08.06.2026 20:08
Last: 08.06.2026 20:08
Sources 1
About this happening:
**NSO Group** remains tied to a **WhatsApp** spear-phishing **campaign** that used **malicious links** to push targets to external websites outside the app. On **June 8**, WhatsAp...
NSO Group WhatsApp spear-phishing campaign
CampaignAbout this happening: **NSO Group** remains tied to a **WhatsApp** spear-phishing **campaign** that used **malicious links** to push targets to external websites outside the app. On **June 8**, WhatsAp...
AI-driven attack surge against customer-facing mobile apps in 2026
Trend
H score43
First: 19.05.2026 15:00
Last: 19.05.2026 15:00
Sources 1
About this happening:
**Customer-facing mobile apps** faced a sharp rise in attacks in **2026**, with **87%** of monitored apps hit versus **55% in 2022**. The trend matters because **agentic AI** is l...
AI-driven attack surge against customer-facing mobile apps in 2026
TrendAbout this happening: **Customer-facing mobile apps** faced a sharp rise in attacks in **2026**, with **87%** of monitored apps hit versus **55% in 2022**. The trend matters because **agentic AI** is l...
Timeline
-
07.11.2025 17:29 3 articles · 8mo ago
Landfall spyware targeting Samsung Galaxy phones
Initial DisclosureThe first observed phase was the **zero-day delivery** of **Landfall** to **Samsung Galaxy** users through a **specially crafted DNG image** sent over **WhatsApp**. That initial compromise path enabled code execution through **CVE-2025-21042** and set up device surveillance.
Show sources
- Landfall Android Spyware Targeted Samsung Phones via Zero-Day — www.securityweek.com — 07.11.2025 17:29
- Landfall Android Spyware Targeted Samsung Phones via Zero-Day — www.securityweek.com — 07.11.2025 17:29
- CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users — thehackernews.com — 25.11.2025 08:42