InfoSecBulletin Cybersecurity for mankind
Security researchers found Android spyware that targeted Samsung Galaxy phones for almost a year. Researchers at Palo Alto Networks’ Unit 42 said the spyware, which they call “Landfall,” was first detected in July 2024 and relied on exploiting a security flaw in the Galaxy phone software that was unknown to Samsung at the time, a type of vulnerability known as a zero-day.
Unit 42 reported that a flaw can be exploited by sending a harmful image to a victim’s phone, possibly via a messaging app, potentially without any victim interaction.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Samsung patched the security flaw — tracked as CVE-2025-21042 — in April 2025, but details of the spyware campaign abusing the flaw have not been previously reported.
Researchers stated in a blog post that the creator of the Landfall spyware is unknown, as is the number of individuals targeted. They believe the attacks likely focused on people in the Middle East.
TechCrunch quoted Itay Cohen, a senior principal researcher at Unit 42 that the hacking campaign consisted of a “precision attack” on specific individuals and not a mass-distributed malware, which indicates that the attacks were likely driven by espionage.
Unit 42 discovered that the Landfall spyware uses some of the same digital infrastructure as Stealth Falcon, a surveillance vendor involved in spyware attacks against Emirati journalists and activists since 2012. However, researchers concluded that these connections alone do not definitively link the attacks to a specific government.
Unit 42 said that the Landfall spyware samples that they discovered had been uploaded to VirusTotal, a malware scanning service, from individuals in Morocco, Iran, Iraq, and Turkey throughout 2024 and early 2025.
Turkey’s national cyber readiness team, USOM, identified one of the IP addresses linked to the Landfall spyware as malicious. Unit 42 suggests this indicates possible targeting of individuals in Turkey.
Landfall, like other government spyware, can extensively surveil devices. It can access photos, messages, contacts, call logs, tap the microphone, and track precise locations.
Unit 42 discovered that the spyware targeted five Galaxy phones, including the S22, S23, S24, and some Z models. Cohen indicated that the vulnerability could also affect other Galaxy devices running Android versions 13 to 15.
Samsung did not respond to a request for comment.
