The Reveal Platform
Intel Name: Landfall: new commercial-grade android spyware in exploit chain targeting samsung devices
Date of Scan: November 10, 2025
Impact: High
Summary: Researchers have discovered a new Android spyware family called LANDFALL. Attackers delivered it through a zero-day flaw (CVE-2025-21042) in Samsung’s image processing library. This issue is part of a broader pattern seen across multiple mobile platforms. The vulnerability was exploited in the wild before Samsung patched it in April 2025. LANDFALL spread via malicious DNG image files sent through WhatsApp. Its delivery method mirrors recent Apple and WhatsApp exploit chains, though no new WhatsApp flaws were found.
