
TechCrunch Industry News
‘Landfall’ spyware abused zero-day to hack Samsung Galaxy phones; plus CBO confirms it was hacked
Nov 7, 2025
A new Android spyware named Landfall has been using zero-day exploits to target Samsung Galaxy phones, particularly focusing on users in the Middle East. This malicious software can infect devices without user interaction, raising significant security concerns. Additionally, the Congressional Budget Office has confirmed a security breach, potentially linked to an unpatched firewall vulnerability. The implications of this breach on internal communications among lawmakers are alarming, revealing the wide-ranging risks in digital security.
Zero-Day Spyware Targeted Galaxy Phones
- Researchers at Palo Alto Networks' Unit 42 identified 'Landfall', an Android spyware that abused a zero-day to target Samsung Galaxy phones.
- The campaign used a crafted image exploit, possibly achieving remote compromise without user interaction on devices running Android 13–15.
Infrastructure Links Suggest Espionage
- Landfall's infrastructure overlaps with that of a known vendor labeled Stealth Falcon, linking it to past espionage targeting Emirati journalists and dissidents.
- These overlaps suggest espionage motivations but are insufficient for definitive attribution to a specific government customer.
Samples Uploaded From Middle Eastern Countries
- Unit 42 found samples uploaded to VirusTotal from Morocco, Iran, Iraq, and Turkey during 2024 and early 2025.
- Turkey's USOM flagged one Landfall IP as malicious, reinforcing likely targeting of individuals in that region.
