New Delhi, Nov. 12 -- Security researchers have detailed a new Android spyware family called Landfall that was used against Samsung Galaxy devices in a months-long campaign. The operation relied on a previously unknown flaw in Samsung's image processing library. Attackers could plant the spyware by sending a single crafted image to a phone. Samsung fixed the bug in April 2025.

Unit 42, the research arm of Palo Alto Networks, says the exploit chain abused CVE-2025-21042 in the component libimagecodec.quram.so. Specially formed DNG image files triggered the flaw when the phone parsed them, giving the attacker control without any tap from the user. In practice this was a zero click delivery.

Once installed, Landfall behaved like commercial...