‘Landfall’ spyware abused zero-day to hack Samsung Galaxy phones
Security researchers have discovered an Android spyware that targeted Samsung Galaxy phones during a nearly year-long hacking campaign. Researchers at Palo Alto Networks’ Unit 42 said the spyware, which they call “Landfall,” was first detected in July 2024 and relied on exploiting a security flaw in the Galaxy phone software that was unknown to Samsung at the time, a type of vulnerability known as a zero-day. Unit 42 said the flaw could be abused by sending a maliciously crafted image to a victim’s phone, likely delivered through a messaging app, and that the attacks may not have required any interaction from the victim. Samsung patched the security flaw — tracked as CVE-2025-21042 — in April 2025, but details of the spyware campaign abusing the flaw have not…
