‘Landfall’ spyware abused zero-day to hack Samsung Galaxy phones


Security researchers have discovered an Android spyware that targeted Samsung Galaxy phones during a nearly year-long hacking campaign.

Researchers at Palo Alto Networks’ Unit 42 said the spyware, which they call “Landfall,” was first detected in July 2024 and relied on exploiting a security flaw in the Galaxy phone software that was unknown to Samsung at the time, a type of vulnerability known as a zero-day.

Unit 42 said the flaw could be abused by sending a maliciously crafted image to a victim’s phone, likely delivered through a messaging app, and that the attacks may not have required any interaction from the victim.

Samsung patched the security flaw — tracked as CVE-2025-21042 — in April 2025, but details of the spyware campaign abusing the flaw have not been previously reported.

The researchers said it’s not known which surveillance vendor developed the Landfall spyware, nor is it known how many individuals were targeted as part of the campaign. But the researchers said that the attacks likely targeted individuals in the Middle East.

Itay Cohen, a senior principal researcher at Unit 42, told TechCrunch that the hacking campaign consisted of a “precision attack” on specific individuals and not a mass-distributed malware, which indicates that the attacks were likely driven by espionage.

Unit 42 found that the Landfall spyware shares overlapping digital infrastructure used by a known surveillance vendor dubbed Stealth Falcon, which has been previously seen in spyware attacks against Emirati journalists, activists, and dissidents as far back as 2012. But the researchers said that the links with Stealth Falcon, while intriguing, were not enough to clearly attribute the attacks to a particular government customer.

Unit 42 said that the Landfall spyware samples that they discovered had been uploaded to VirusTotal, a malware scanning service, from individuals in Morocco, Iran, Iraq, and Turkey throughout 2024 and early 2025.

Turkey’s national cyber readiness team, known as USOM, flagged one of the IP addresses that the Landfall spyware connected to as malicious, which Unit 42 said supports the theory that individuals in Turkey may have been targeted.

Much like other government spyware, Landfall is capable of broad device surveillance, such as accessing the victim’s data, including photos, messages, contacts and call logs, as well as the tapping of the device’s microphone and tracking their precise location.

Unit 42 found that the spyware’s source code referenced five specific Galaxy phones, including the Galaxy S22, S23, S24, and some Z models, as targets. Cohen said that the vulnerability may have also been present on other Galaxy devices, and affected Android versions 13 through 15.

Samsung did not respond to a request for comment.
