Sophisticated Android Spyware ‘Landfall’ Exploits Zero-Day Vulnerability in Samsung Galaxy Phones

This article was generated by AI and cites original sources.

Security researchers have uncovered a sophisticated Android spyware named ‘Landfall’ that targeted Samsung Galaxy phones in a hacking campaign lasting close to a year.

According to Palo Alto Networks’ Unit 42, ‘Landfall’ exploited a zero-day vulnerability in Galaxy phone software, enabling attackers to compromise devices without user interaction. Attackers could compromise a device by sending it a specially crafted image through a messaging app.

Samsung addressed the security flaw, identified as CVE-2025-21042, in April 2025. However, the specifics of the spyware operation leveraging this flaw had not been previously disclosed.

While the creators of the spyware remain unknown, researchers suspect the attacks primarily targeted individuals in the Middle East. This precision targeting suggests espionage motives rather than widespread malware distribution.

Notably, the infrastructure behind ‘Landfall’ shows similarities to that of a surveillance vendor known as Stealth Falcon, previously associated with spying on Emirati journalists, activists, and dissidents. However, concrete attribution to a specific government client was not established.

Instances of ‘Landfall’ spyware were traced back to individuals in Morocco, Iran, Iraq, and Turkey, underscoring the global impact of this targeted hacking campaign.

Source: TechCrunch