Samsung Galaxy Phones Hit by ‘Landfall’ Spyware Exploit

A new spyware campaign has put Samsung Galaxy phones in the spotlight once again. According to a TechCrunch report, cybersecurity researchers discovered that a powerful Android spyware named Landfall targeted Galaxy devices for nearly a year before being patched.

Spyware Exploited an Unknown Vulnerability

Researchers at Palo Alto Networks’ Unit 42 first detected Landfall in July 2024. The spyware exploited a zero-day flaw in Samsung’s software — a vulnerability unknown to the company at the time.
The flaw, tracked as CVE-2025-21042, allowed attackers to compromise devices simply by sending a malicious image. Shockingly, users didn’t even need to interact with the message for the spyware to take control.

Attackers Focused on Specific Galaxy Models

The Landfall campaign reportedly focused on several popular Samsung Galaxy phones, including the Galaxy S22, S23, S24, and some Galaxy Z models.
Unit 42 believes the flaw also affected other Galaxy devices running Android 13 through 15. The attacks were not widespread but targeted, hinting at a precision espionage campaign against selected individuals.

Who Was Behind the Attacks?

While researchers could not identify the exact surveillance vendor, Landfall shared digital infrastructure links with a group known as Stealth Falcon — previously tied to cyberattacks on journalists and activists in the Middle East.
The spyware samples were uploaded from Morocco, Iran, Iraq, and Turkey, suggesting victims were likely based in those regions.

Samsung Patched the Flaw in April 2025

Samsung quietly patched the vulnerability in April 2025, ending the year-long campaign. However, the company has not yet issued a public statement.
The spyware reportedly gave attackers full access to victims’ phones, including messages, photos, contacts, call logs, location data, and even microphone recordings — raising serious concerns over user privacy and security.

What It Means for Galaxy Users

The discovery once again highlights how zero-day exploits can turn everyday smartphones into surveillance tools. Users of Samsung Galaxy phones are advised to keep their devices updated to the latest security patch to stay protected.