Urgent Alert: New ‘Landfall’ Spyware Targets Samsung Galaxy Devices

URGENT UPDATE: Security researchers have just revealed sophisticated Android spyware, named Landfall, that exploited a zero-day vulnerability to hack into Samsung Galaxy phones during a nearly year-long campaign. Discovered by analysts at Palo Alto Networks’ Unit 42, the spyware sheds light on potential espionage activities targeting individuals in the Middle East.

The spyware was first identified in July 2024 and made use of a then-unknown security flaw in Galaxy phone software, now tracked as CVE-2025-21042. The vulnerability allowed hackers to send a maliciously crafted image, likely via a messaging app, capable of breaching the device without any user interaction. Samsung promptly patched this critical flaw in April 2025, but the spyware’s campaign remained largely unreported until now.

Researchers believe that the hacking campaign was a “precision attack” aimed at specific individuals rather than a broad malware distribution, indicating a strong likelihood of espionage. According to Itay Cohen, a senior principal researcher at Unit 42, the spyware’s design points to targeted operations against individuals rather than a mass approach.

While the exact developer of Landfall remains unidentified, Unit 42 found links to a known surveillance vendor called Stealth Falcon, which has a history of targeting journalists and activists, particularly in the UAE since 2012. However, the researchers caution that these connections do not definitively attribute the attacks to a particular government.

The investigation revealed that Landfall spyware samples were uploaded to VirusTotal by users in Turkey, Morocco, Iran, and Iraq throughout 2024 and early 2025. Turkish authorities, specifically the national cyber readiness team known as USOM, flagged one of the spyware’s IP addresses as malicious, reinforcing the theory that individuals in Turkey were targeted.

This spyware can access a wide range of personal data, including photos, messages, contacts, and call logs, and can even activate the device’s microphone for surveillance. The source code of Landfall specifically referenced five Galaxy models, including the Galaxy S22, S23, S24, and select Z models. Furthermore, Cohen noted that the vulnerability might also affect other Galaxy devices running Android versions 13 through 15.

As the implications of this discovery unfold, it is crucial for affected individuals and Samsung users to remain vigilant. The potential for widespread surveillance and data breaches raises significant concerns over privacy and security.

Stay tuned for more updates as this situation develops. Samsung has yet to respond to requests for comment regarding the spyware’s impact and ongoing threats.