Urgent: New Spyware Targets Samsung Galaxy Phones, Exploiting Zero-Day Flaw

URGENT UPDATE: Security researchers have uncovered a sophisticated Android spyware named Landfall that has been targeting Samsung Galaxy phones for nearly a year. The Unit 42 team at Palo Alto Networks revealed that this spyware exploited a critical security vulnerability, known as a zero-day, first detected in July 2024.

This alarming revelation comes as researchers detail how the spyware was able to infiltrate devices by sending maliciously crafted images, likely through messaging apps, without user interaction. The vulnerability, tracked as CVE-2025-21042, was patched by Samsung in April 2025, but details of the spyware campaign exploiting this flaw have just emerged.

The attacks predominantly targeted individuals in the Middle East, with evidence suggesting that victims were carefully selected for espionage purposes rather than mass surveillance. Itay Cohen, a senior researcher at Unit 42, stated that the hacking campaign was a “precision attack” aimed at particular individuals, indicating a strategic motive behind the infiltration.

Unit 42’s findings link the Landfall spyware to a known surveillance vendor, Stealth Falcon, notorious for targeting journalists and dissidents since 2012. However, the researchers caution that these connections do not definitively attribute the attacks to any specific government entity.

The malware samples associated with Landfall were uploaded from various locations, including Morocco, Iran, Iraq, and Turkey, throughout 2024 and early 2025. In a concerning turn, Turkey’s national cyber readiness team, USOM, flagged one of the spyware’s IP addresses as malicious, raising suspicions that Turkish individuals may have been specifically targeted.

Landfall spyware is capable of extensive surveillance, allowing access to personal data—photos, messages, contacts, and call logs—as well as tapping into device microphones and tracking precise locations. The spyware’s code references specific Galaxy models, including the Galaxy S22, S23, S24, and various Z models. Researchers believe the vulnerability may extend to other Galaxy devices running Android versions 13 through 15.

This developing story raises urgent concerns about privacy and security for millions of Samsung users globally. As investigations continue, experts emphasize the importance of immediate vigilance and updates for affected devices.

While Samsung has yet to respond to requests for comment, the implications of this spyware are profound, affecting not just individual privacy but also broader issues of digital security and state-sponsored surveillance.

Stay tuned for further updates as this situation evolves, and ensure your devices are secured against potential threats.