Join on WhatsApp
Join on Telegram
Mohammedia – A sophisticated spyware operation quietly targeted Samsung Galaxy phones for almost a year, using an unknown loophole that allowed hackers to spy on victims without them ever clicking a link or downloading anything.
Researchers from Palo Alto Networks’ Unit 42 discovered the malware, named “Landfall,” and revealed that it had been active since July 2024, with evidence of infections detected in Morocco, Iran, Iraq, and Turkey.
The spyware was able to sneak into phones through a booby-trapped image—likely sent via a messaging app—and immediately gained access to personal data once received.
The flaw, later identified as CVE-2025-21042, affected several recent Galaxy models, including the S22, S23, S24, and some Z series devices. Samsung fixed the issue in April 2025, but the details of the campaign only came to light after months of investigation.
A targeted espionage campaign
Unlike common malware that spreads widely for profit, Landfall was part of what experts describe as a “precision attack,” meaning it was designed to spy on a small number of selected individuals rather than the general public.
Once inside, the spyware could monitor nearly every corner of a person’s phone, from messages, photos, and contacts to live microphone recordings and real-time location data.
Researchers believe the attack was likely driven by espionage motives, though the full list of victims remains unknown.
The digital trail shows overlap between Landfall’s infrastructure and Stealth Falcon, a surveillance group previously linked to spying on journalists and activists in the United Arab Emirates.
However, the investigators stopped short of directly blaming any government or specific actor, saying there wasn’t enough evidence to confirm who was behind it.
One of the infected servers was even flagged by Turkey’s national cybersecurity team, confirming the campaign’s reach in the region.
Samsung did not respond to requests for comment, but had already patched the flaw by the time the revelations surfaced.
Still, experts warn that the case highlights how quickly sophisticated actors can exploit undiscovered weaknesses, and how quietly digital surveillance can unfold—even from a simple image sent to a phone.
