Landfall spyware targeting Samsung Galaxy phones
Malware Activity
Summary
Hide ▲
Show ▼
Landfall is an Android spyware operation that used CVE-2025-21042 in a Samsung image processing library to compromise Samsung Galaxy phones and enable surveillance plus data theft. The activity matters because the spyware could record microphone audio, track location, and steal photos, contacts, and call logs from infected devices. Evidence indicates the attacks were active since at least July 2024 and likely used a zero-click delivery path through WhatsApp. A later CISA alert also tied LANDFALL to a targeted campaign that exploited Samsung CVE-2025-21042 to deliver Android spyware to Galaxy devices in the Middle East.
Related Happenings
AI-driven attack surge against customer-facing mobile apps in 2026
Target Trend
First: 19.05.2026 15:00
Last: 19.05.2026 15:00
Sources 1
About this happening:
**Customer-facing mobile apps** faced a sharp rise in attacks in **2026**, with **87%** of monitored apps hit versus **55% in 2022**. The trend matters because **agentic AI** is l...
AI-driven attack surge against customer-facing mobile apps in 2026
Target TrendAbout this happening: **Customer-facing mobile apps** faced a sharp rise in attacks in **2026**, with **87%** of monitored apps hit versus **55% in 2022**. The trend matters because **agentic AI** is l...
Mirax Android banking trojan with residential proxy nodes
Malware Activity
First: 13.04.2026 17:30
Last: 13.04.2026 17:30
Sources 1
About this happening:
Mirax is spreading across **Europe** with **remote access** and **residential proxy** features, increasing the risk of device compromise, data theft, and traffic abuse. The Androi...
Mirax Android banking trojan with residential proxy nodes
Malware ActivityAbout this happening: Mirax is spreading across **Europe** with **remote access** and **residential proxy** features, increasing the risk of device compromise, data theft, and traffic abuse. The Androi...
Bitter Middle East spear-phishing campaign targeting civil society figures
Campaign
First: 09.04.2026 13:45
Last: 09.04.2026 13:45
Sources 1
About this happening:
A **spear-phishing campaign** targeted **civil society figures in Middle Eastern countries**, including **three journalists in Egypt and Lebanon**, creating account-compromise ris...
Bitter Middle East spear-phishing campaign targeting civil society figures
CampaignAbout this happening: A **spear-phishing campaign** targeted **civil society figures in Middle Eastern countries**, including **three journalists in Egypt and Lebanon**, creating account-compromise ris...
Perseus Android note-stealing and remote-control malware activity
Malware Activity
First: 19.03.2026 12:13
Last: 19.03.2026 12:13
Sources 1
About this happening:
The **Perseus** Android malware is now being used to inspect user notes for secrets, creating theft risk for **passwords**, **recovery phrases**, and **financial data**. It is als...
Perseus Android note-stealing and remote-control malware activity
Malware ActivityAbout this happening: The **Perseus** Android malware is now being used to inspect user notes for secrets, creating theft risk for **passwords**, **recovery phrases**, and **financial data**. It is als...
Coruna iOS mass exploitation wave
Exploitation Wave
First: 04.03.2026 15:28
Last: 04.03.2026 15:28
Sources 1
About this happening:
The **Coruna** exploit kit marks the **first observed mass exploitation against iOS devices**, shifting risk from highly targeted spyware to **broad deployment** against **iPhone...
Coruna iOS mass exploitation wave
Exploitation WaveAbout this happening: The **Coruna** exploit kit marks the **first observed mass exploitation against iOS devices**, shifting risk from highly targeted spyware to **broad deployment** against **iPhone...
Timeline
-
07.11.2025 17:29 3 articles · 6mo ago
Landfall spyware targeting Samsung Galaxy phones
Initial DisclosureThe first observed phase was the **zero-day delivery** of **Landfall** to **Samsung Galaxy** users through a **specially crafted DNG image** sent over **WhatsApp**. That initial compromise path enabled code execution through **CVE-2025-21042** and set up device surveillance.
Show sources
- Landfall Android Spyware Targeted Samsung Phones via Zero-Day — www.securityweek.com — 07.11.2025 17:29
- Landfall Android Spyware Targeted Samsung Phones via Zero-Day — www.securityweek.com — 07.11.2025 17:29
- CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users — thehackernews.com — 25.11.2025 08:42