Urgent: “Landfall” Spyware Exploits Zero-Day Flaw in Samsung Galaxy

URGENT UPDATE: Security researchers have uncovered a sophisticated spyware, dubbed “Landfall,” that exploited a critical zero-day vulnerability to compromise Samsung Galaxy phones over the past year. The findings, released by researchers at Palo Alto Networks’ Unit 42, reveal that this malicious software first emerged in July 2024 and targeted specific individuals in the Middle East.

The spyware exploited a previously unknown flaw in Samsung’s software, tracked as CVE-2025-21042. Attackers could infiltrate devices by sending a malicious image via messaging apps, often without any interaction from the victim. This alarming capability underscores the spyware’s potential for extensive surveillance, allowing access to sensitive data, including photos, messages, and even real-time location tracking.

Samsung addressed this security flaw in a patch released in April 2025, but details regarding the extensive hacking campaign remained undisclosed until now. Researchers noted that the spyware campaign was not a broad-based attack; rather, it was a “precision attack” focused on select individuals, suggesting motives linked to espionage.

Unit 42’s investigation revealed that the Landfall spyware shares infrastructure with a known surveillance vendor, Stealth Falcon, notorious for targeting journalists and activists in the region since 2012. However, researchers have not definitively attributed the spyware to a specific government entity.

During their study, Unit 42 identified that samples of the Landfall spyware had been uploaded to VirusTotal from users in Morocco, Iran, Iraq, and Turkey throughout 2024 and early 2025. Notably, Turkey’s national cyber readiness team, USOM, flagged one of the spyware’s connected IP addresses as malicious, further supporting the theory that Turkish individuals may have been among those targeted.

The spyware’s source code indicates it is designed for specific Galaxy phone models, including the Galaxy S22, S23, S24, and several Z models. Itay Cohen, a senior principal researcher at Unit 42, expressed concerns over the potential vulnerability across other Galaxy devices, impacting Android versions 13 through 15.

As the implications of this discovery unfold, users of Samsung Galaxy phones are urged to ensure their devices are updated with the latest security patches. The global implications of this spyware, especially concerning privacy and security, cannot be overstated.

Samsung did not respond to requests for comment, leaving many questions unanswered about the extent of the threat and potential safeguards for users. This developing story highlights the urgent need for ongoing vigilance and security measures in the face of emerging digital threats.

Stay tuned for more updates as this situation evolves.