"‘Landfall’ spyware abused zero-day to hack Samsung Galaxy phones" 7 November 2025

Security researchers have discovered an Android spyware that targeted Samsung Galaxy phones during a nearly year-long hacking campaign.

Researchers at Palo Alto Networks’ Unit 42 said the spyware, which they call “Landfall,” was first detected in July 2024 and relied on exploiting a security flaw in the Galaxy phone software that was unknown to Samsung at the time, a type of vulnerability known as a zero-day...

...Samsung patched the security flaw — tracked as CVE-2025-21042 — in April 2025, but details of the spyware campaign abusing the flaw have not been previously reported.

The researchers said in a blog post that it’s not known which surveillance vendor developed the Landfall spyware, nor is it known how many individuals were targeted as part of the campaign. But the researchers said that the attacks likely targeted individuals in the Middle East...

...Turkey’s national cyber readiness team, known as USOM, flagged one of the IP addresses that the Landfall spyware connected to as malicious, which Unit 42 said supports the theory that individuals in Turkey may have been targeted...

...Samsung did not respond to a request for comment...