Skip to content

JOBUZO

  • News
  • Indonesia
  • Toggle search form
‘Landfall’ spyware abused zero-day to hack Samsung Galaxy phones

‘Landfall’ spyware abused zero-day to hack Samsung Galaxy phones

Posted on 7 November 2025 By jobuzo

Security researchers have discovered an Android spyware that targeted Samsung Galaxy phones during a nearly year-long hacking campaign.

Researchers at Palo Alto Networks’ Unit 42 said the spyware, which they call “Landfall,” was first detected in July 2024 and relied on exploiting a security flaw in the Galaxy phone software that was unknown to Samsung at the time, a type of vulnerability known as a zero-day. 

Unit 42 said the flaw could be abused by sending a maliciously crafted image to a victim’s phone, likely delivered through a messaging app, and that the attacks may not have required any interaction from the victim. 

Samsung patched the security flaw — tracked as CVE-2025-21042 — in April 2025, but details of the spyware campaign abusing the flaw have not been previously reported.

The researchers said in a blog post that it’s not known which surveillance vendor developed the Landfall spyware, nor is it known how many individuals were targeted as part of the campaign. But the researchers said that the attacks likely targeted individuals in the Middle East.

Itay Cohen, a senior principal researcher at Unit 42, told TechCrunch that the hacking campaign consisted of a “precision attack” on specific individuals and not a mass-distributed malware, which indicates that the attacks were likely driven by espionage.

News :<div>12 weeks' jail for school IT support technician who took upskirt videos of teachers</div>

Unit 42 found that the Landfall spyware shares overlapping digital infrastructure used by a known surveillance vendor dubbed Stealth Falcon, which has been previously seen in spyware attacks against Emirati journalists, activists, and dissidents as far back as 2012. But the researchers said that the links with Stealth Falcon, while intriguing, were not enough to clearly attribute the attacks to a particular government customer.

Unit 42 said that the Landfall spyware samples that they discovered had been uploaded to VirusTotal, a malware scanning service, from individuals in Morocco, Iran, Iraq, and Turkey throughout 2024 and early 2025.

Turkey’s national cyber readiness team, known as USOM, flagged one of the IP addresses that the Landfall spyware connected to as malicious, which Unit 42 said supports the theory that individuals in Turkey may have been targeted.

Much like other government spyware, Landfall is capable of broad device surveillance, such as accessing the victim’s data, including photos, messages, contacts and call logs, as well as the tapping of the device’s microphone and tracking their precise location.

Unit 42 found that the spyware’s source code referenced five specific Galaxy phones, including the Galaxy S22, S23, S24, and some Z models, as targets. Cohen said that the vulnerability may have also been present on other Galaxy devices, and affected Android versions 13 through 15. 

Samsung did not respond to a request for comment.

News :Migrant acquitted in first trial over US border military zones

‘Landfall’ spyware abused zero-day to hack Samsung Galaxy phones


News

Post navigation

Previous Post: Chinese AI models comparable to US ones in frontier risks, study finds
Next Post: 11 Glam Holiday Party Bags We’re Loving RN, Starting at $28

Related Posts

Samsung Galaxy S26 Ultra FINALLY Gets Rounded Corners! (Major Design CONFIRMED) Samsung Galaxy S26 Ultra FINALLY Gets Rounded Corners! (Major Design CONFIRMED) News
Kalu’s 17 lead Charleston over William & Mary 88-79 News
Flanked by business leaders, Macron meets Xi as EU prepares tougher trade rules Flanked by business leaders, Macron meets Xi as EU prepares tougher trade rules News

Latest

  • From the Frontline: Flights take off, but peace has yet to land
  • World Cup European champions to square off at Dallas semifinals
  • 29 countries sign agreement on establishing WAICO
  • China’s Xi warns against AI dominance by any one country, urges global cooperation
  • Report says Vance received private message from Iran against Kushner and Witkoff; VP refutes claim
  • Samsung Galaxy Z Fold 8 WIDE: Specs, Price, and Release Date Leaked!
  • Trump airs sensational claims about ‘meddling’, data theft and fraud in US elections
  • Craig Melvin Breaks Silence on ‘Today’ Show Intruder Arrest
  • San Francisco mayor pushes for tougher rules after the Waymo traffic fiasco
  • SpaceX suddenly aborts second Starship V3 launch after ignition

Copyright © 2025 JOBUZO. Disclaimers | Privacy Policies

Powered by PressBook Masonry Blogs