WhatsApp Image Malware Targets Samsung Phones

Cybercriminals Leverage WhatsApp to Attack Samsung Users

This is how cybercriminals attack Samsung smartphones using WhatsApp images. For that, users need to be cautious while receiving photos from unknown contacts. As soon as the image is opened, malware immediately enters into the phone. Further, the malware steals user data by misusing a flaw present in Samsung's software. It installs the spyware called Landfall that secretly monitors the device. According to Palo Alto Networks, this latest cyberattack has been active for several months.

Landfall Spyware: What It Does

Once installed, Landfall spyware goes into silent spy mode to monitor phone calls and location, and records contacts. Samsung Galaxy S22, S23, S24, Z Fold 4, and Z Flip 4 devices were affected, according to the company. Main targets have been users in countries including Iran, Iraq, Morocco, and Turkey. The spyware was discovered in mid-2024 by Palo Alto Networks; it had already been at work for months.

Samsung's Response and Fix

Palo Alto Networks brought the matter to the notice of Samsung in September 2024. Samsung, in turn, confirmed that it began to take action against it in April 2025. During that time, the hackers may have accessed private information for about half a year. Now, Samsung has fixed the software flaw. It says phones having the latest software update are safe, but this case shows that no smartphone has full protection against cyber-attacks.

How the Malware Was Discovered

The malware was first discovered in submissions on Google's VirusTotal, a free repository of suspicious files shared by the public. The cybersecurity team at Palo Alto Networks, Unit 42, analyzed the uploads and discovered the malware. Their investigation indicated that espionage, not financial gain, appears to be the main goal of these attacks.