Hustler Words – A sophisticated Android spyware, dubbed "Landfall," has been uncovered targeting Samsung Galaxy smartphones through a zero-day vulnerability. Security researchers at Palo Alto Networks’ Unit 42 discovered the nearly year-long hacking campaign, which began in July 2024 and exploited a previously unknown flaw in Samsung’s software.
The Landfall spyware leveraged the zero-day, now tracked as CVE-2025-21042, by delivering a malicious image to the victim’s device, potentially through a messaging application. This attack vector may not have required any user interaction, making it particularly insidious. Samsung issued a patch for the vulnerability in April 2025, but the details of the spyware campaign have remained undisclosed until now.
While the developers of Landfall remain unknown, Unit 42’s investigation suggests a targeted approach, indicating espionage rather than mass malware distribution. Itay Cohen, a senior principal researcher at Unit 42, described the campaign as a "precision attack" aimed at specific individuals, likely in the Middle East.
Related Post
Intriguingly, Landfall shares digital infrastructure with Stealth Falcon, a known surveillance vendor previously linked to spyware attacks against Emirati journalists, activists, and dissidents. However, the researchers emphasize that this connection is not conclusive enough to attribute the attacks to a specific government entity.
Samples of the Landfall spyware were uploaded to VirusTotal from various locations, including Morocco, Iran, Iraq, and Turkey, throughout 2024 and early 2025. Furthermore, Turkey’s national cyber readiness team (USOM) flagged one of the IP addresses associated with Landfall as malicious, suggesting potential targeting of individuals in Turkey.
Like many government-grade spyware tools, Landfall possesses extensive surveillance capabilities, including accessing photos, messages, contacts, call logs, and even remotely activating the device’s microphone and tracking its location.
Unit 42’s analysis of the spyware’s source code revealed that it specifically targeted Galaxy S22, S23, S24, and certain Z series models. Cohen noted that the vulnerability might have affected other Galaxy devices running Android versions 13 through 15.
Samsung has not yet responded to requests for comment on the Landfall spyware and its impact on Galaxy phone users.
Leave a Comment