Introduction to the New Android Spyware Threat
A new form of Android spyware, named LANDFALL, has been discovered by cybersecurity researchers, and it has been targeting Samsung Galaxy devices in the Middle East. According to a recent report, Morocco is one of the potential victims. This information was shared by Unit 42, the cybersecurity research team at Palo Alto Networks.
How the Malware Spreads
The malware spreads through malicious image files that mimic WhatsApp-style filenames. This suggests that attackers are trying to exploit users through messaging apps. The first samples of LANDFALL were identified in July 2024 and remained active and undetected for several months.
Features of the Spyware
LANDFALL is designed for stealth, persistence, and data theft. It can collect sensitive information from infected devices. The spyware exploits a vulnerability in Samsung devices that was actively targeted in the wild before being patched in April 2025. Later, Samsung addressed another related vulnerability in September 2025, offering additional protection against such threats.
Targeted Countries
According to the Unit 42 report, which cited VirusTotal data, potential victims of LANDFALL are not only in Morocco but also in Iraq, Iran, and Turkey. This indicates a broader regional impact.
Cyber Threats in Morocco
The discovery of LANDFALL comes at a time when cyber threats are increasing in Morocco. Earlier research conducted by the cybersecurity firm Cleafy revealed that a Chinese-speaking hacker group developed PlayPraetor, which infected over 11,000 Android devices worldwide within three months.
Morocco was the most targeted country in Africa, accounting for approximately 22% of attacks on the continent. Both malware families—LANDFALL and PlayPraetor—are capable of stealing sensitive data, taking control of devices, and enabling on-device fraud. This highlights the growing risks faced by Moroccan smartphone users.
Recommendations for Users
Cybersecurity experts advise users to keep their devices updated with the latest security patches. They also recommend exercising caution when opening files from unknown sources. These steps can significantly reduce the risk of falling victim to such cyber threats.
Conclusion
As the threat landscape continues to evolve, staying informed and proactive about cybersecurity measures is essential. With the emergence of new spyware like LANDFALL, users must remain vigilant and take necessary precautions to protect their personal information and devices.