New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices

Nov. 7, 2025, 9:35 p.m.

Description

Unit 42 researchers have uncovered LANDFALL, a previously unknown Android spyware family targeting Samsung Galaxy devices. The spyware exploits CVE-2025-21042, a zero-day vulnerability in Samsung's image processing library, to deliver commercial-grade surveillance capabilities. LANDFALL is embedded in malicious DNG image files, likely distributed via WhatsApp, and enables comprehensive monitoring including microphone recording, location tracking, and data collection. The campaign shares infrastructure with known commercial spyware operations in the Middle East. The vulnerability has been patched, but the exploit chain remained active and undetected for months before discovery.

External References

https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
https://unit42.paloaltonetworks.com/wp-content/uploads/2025/11/09_Nation-State-cyberattacks_1920x900.jpg
https://otx.alienvault.com/pulse/690e354ec352a7329cbaf7d4
Tags
android
whatsapp
zero-day
spyware
samsung
CVE-2025-43300
CVE-2025-55177
2025-11-07
CVE-2025-21042
CVE-2025-21043
landfall
dng
commercial-grade

Date

  • Created: Nov. 7, 2025, 6:07 p.m.
  • Published: Nov. 7, 2025, 6:07 p.m.
  • Modified: Nov. 7, 2025, 9:35 p.m.

Indicators

  • ffeeb0356abb56c5084756a5ab0a39002832403bca5290bb6d794d14b642ffe2
  • d2fafc7100f33a11089e98b660a85bd479eab761b137cca83b1f6d19629dd3b0
  • c0f30c2a2d6f95b57128e78dc0b7180e69315057e62809de1926b75f86516b2e
  • b975b499baa3119ac5c2b3379306d4e50b9610e9bba3e56de7dfd3927a96032d
  • b45817ffb0355badcc89f2d7d48eecf00ebdf2b966ac986514f9d971f6c57d18
  • b06dec10e8ad0005ebb9da24204c96cb2e297bd8d418bc1c8983d066c0997756
  • a62a2400bf93ed84ebadf22b441924f904d3fcda7d1507ba309a4b1801d44495
  • 9297888746158e38d320b05b27b0032b2cc29231be8990d87bc46f1e06456f93
  • 69cf56ac6f3888efa7a1306977f431fd1edb369a5fd4591ce37b72b7e01955ee
  • 384f073d3d51e0f2e1586b6050af62de886ff448735d963dfc026580096d81bd
  • 29882a3c426273a7302e852aa77662e168b6d44dcebfca53757e29a9cdf02483
  • 2425f15eb542fca82892fd107ac19d63d4d112ddbfe698650f0c25acf6f8d78a
  • 211311468f3673f005031d5f77d4d716e80cbf3c1f0bb1f148f2200920513261
  • 92.243.65.240
  • projectmanagerskills.com
  • hotelsitereview.com
  • healthyeatingontherun.com
  • brightvideodesigns.com
Download all indicators here!

Additional Informations

  • Telecommunications
  • Government
  • Iraq
  • Iran, Islamic Republic of
  • Morocco