Security researchers at Palo Alto Networks’ Unit 42 discovered an Android spyware called “Landfall” that targeted Samsung Galaxy phones during a nearly year-long hacking campaign. The spyware, which was first detected in July 2024, exploited a zero-day security flaw to gain access to the victim’s device.
The vulnerability was patched by Samsung in April 2025, but details of the spyware campaign had not been previously reported. Researchers believe that individuals in the Middle East were targeted during this campaign.
The Landfall spyware shares digital infrastructure with Stealth Falcon, a known surveillance vendor used in previous attacks. However, linking the attacks to Stealth Falcon is not enough to attribute them to a particular government customer.
Researchers found that the spyware’s source code mentioned specific Galaxy phone models and Android versions 13-15 as targets. Samsung has not commented on this incident.
Note: I simplified the text by removing unnecessary words, rephrasing sentences, and breaking it into shorter paragraphs for easier reading.
Source: https://techcrunch.com/2025/11/07/landfall-spyware-abused-zero-day-to-hack-samsung-galaxy-phones