Skip to content

JOBUZO

  • News
  • Indonesia
  • Toggle search form
‘Landfall’ spyware abused zero-day to hack Samsung Galaxy phones

‘Landfall’ spyware abused zero-day to hack Samsung Galaxy phones

Posted on 7 November 2025 By jobuzo

Security researchers have discovered an Android spyware that targeted Samsung Galaxy phones during a nearly year-long hacking campaign.

Researchers at Palo Alto Networks’ Unit 42 said the spyware, which they call “Landfall,” was first detected in July 2024 and relied on exploiting a security flaw in the Galaxy phone software that was unknown to Samsung at the time, a type of vulnerability known as a zero-day. 

Unit 42 said the flaw could be abused by sending a maliciously crafted image to a victim’s phone, likely delivered through a messaging app, and that the attacks may not have required any interaction from the victim. 

Samsung patched the security flaw — tracked as CVE-2025-21042 — in April 2025, but details of the spyware campaign abusing the flaw have not been previously reported.

The researchers said in a blog post that it’s not known which surveillance vendor developed the Landfall spyware, nor is it known how many individuals were targeted as part of the campaign. But the researchers said that the attacks likely targeted individuals in the Middle East.

Itay Cohen, a senior principal researcher at Unit 42, told TechCrunch that the hacking campaign consisted of a “precision attack” on specific individuals and not a mass-distributed malware, which indicates that the attacks were likely driven by espionage.

News :<div>12 weeks' jail for school IT support technician who took upskirt videos of teachers</div>

Unit 42 found that the Landfall spyware shares overlapping digital infrastructure used by a known surveillance vendor dubbed Stealth Falcon, which has been previously seen in spyware attacks against Emirati journalists, activists, and dissidents as far back as 2012. But the researchers said that the links with Stealth Falcon, while intriguing, were not enough to clearly attribute the attacks to a particular government customer.

Unit 42 said that the Landfall spyware samples that they discovered had been uploaded to VirusTotal, a malware scanning service, from individuals in Morocco, Iran, Iraq, and Turkey throughout 2024 and early 2025.

Turkey’s national cyber readiness team, known as USOM, flagged one of the IP addresses that the Landfall spyware connected to as malicious, which Unit 42 said supports the theory that individuals in Turkey may have been targeted.

Much like other government spyware, Landfall is capable of broad device surveillance, such as accessing the victim’s data, including photos, messages, contacts and call logs, as well as the tapping of the device’s microphone and tracking their precise location.

Unit 42 found that the spyware’s source code referenced five specific Galaxy phones, including the Galaxy S22, S23, S24, and some Z models, as targets. Cohen said that the vulnerability may have also been present on other Galaxy devices, and affected Android versions 13 through 15. 

Samsung did not respond to a request for comment.

News :Migrant acquitted in first trial over US border military zones

‘Landfall’ spyware abused zero-day to hack Samsung Galaxy phones


News

Post navigation

Previous Post: Chinese AI models comparable to US ones in frontier risks, study finds
Next Post: 11 Glam Holiday Party Bags We’re Loving RN, Starting at $28

Related Posts

Israel attacks Iran's nuclear and military sites Israel attacks Iran’s nuclear and military sites News
How is US Labor Day different from May Day? Here's what will be open and closed on holiday How is US Labor Day different from May Day? Here’s what will be open and closed on holiday News
Kharkiv residents terrorised by nine-minute-long drone barrage Kharkiv residents terrorised by nine-minute-long drone barrage News

Latest

  • Samsung Galaxy Z Fold 8 WIDE: Specs, Price, and Release Date Leaked!
  • Trump airs sensational claims about ‘meddling’, data theft and fraud in US elections
  • Craig Melvin Breaks Silence on ‘Today’ Show Intruder Arrest
  • San Francisco mayor pushes for tougher rules after the Waymo traffic fiasco
  • SpaceX suddenly aborts second Starship V3 launch after ignition
  • On-device models steal the spotlight as China’s edge AI sector heats up
  • African manufacturers look to China’s industrial experience to boost growth
  • Billions priced out of nutrition as UN says cost of healthy diet soars 25 per cent
  • Can you really eat unlimited pasta for $100? Olive Garden’s Pasta Pass explained
  • Crowd surge at Hindu festival in India leaves 1 dead and many hospitalized

Copyright © 2025 JOBUZO. Disclaimers | Privacy Policies

Powered by PressBook Masonry Blogs