Hackers Exploited WhatsApp Images to Silently Spy on Samsung Galaxy Users
A sophisticated, year-long surveillance campaign, dubbed ‘Landfall,’ compromised Samsung Galaxy devices through malicious images sent via WhatsApp. The operation, which targeted users primarily in Turkey, Iran, Iraq, and Morocco, allowed attackers to turn phones into fully-fledged surveillance tools, capable of recording calls, stealing photos and messages, accessing contacts, and tracking real-time movements.
The campaign began in mid-2024 and remained undetected for several months. Investigators at Unit 42 discovered the activity while analyzing Google’s VirusTotal database, identifying infected DNG (Digital Negative) image files uploaded from the Middle East containing identical malicious code.
Affected Samsung models included the Galaxy S22, S23, S24, Z Fold 4, and Z Flip 4. While Samsung was alerted to the vulnerability in September 2024, a security patch wasn’t released until April 2025, leaving devices vulnerable for approximately six months.
Researchers have noted potential links between ‘Landfall’ and Stealth Falcon, a known cyber-espionage group previously associated with spyware attacks targeting journalists and human rights activists in the UAE. However, Unit 42 has refrained from attributing the campaign to a specific actor due to insufficient evidence.
“This was a precision strike, not a mass campaign,” stated Itay Cohen, Senior Principal Researcher at Unit 42. “That strongly indicates espionage motives rather than financial gain.”
Turkey’s national cyber agency flagged one of the spyware’s command-and-control servers as malicious, suggesting Turkish users were likely among those targeted.
Samsung has confirmed that devices running the latest software updates are now protected, having patched the vulnerability. The incident highlights the increasing sophistication of modern spyware, demonstrating that a single image sent through a trusted application like WhatsApp can be sufficient to compromise a device.
“You don’t need to click a link anymore to be hacked. The image itself can do the job,” a cybersecurity analyst commented, underscoring the evolving threat landscape.
The ‘Landfall’ case raises critical concerns regarding digital privacy, national security, and the growing capabilities of cyber-espionage tools targeting both individuals and state entities.