"Samsung Phones Infected with Rogue Spyware for Almost a Year"

Sophisticated Spyware Targets Samsung Phones for Almost a Year, Stealing Sensitive User Data A highly sophisticated commercial spyware, dubbed "Landfall," has been discovered targeting Samsung Galaxy phones for nearly a year, exploiting a previously unknown vulnerability in the Android software to steal sensitive user data. According to researchers at Unit 42, the threat intelligence arm of Palo Alto Networks, the malware was active from July 2024 to April 2025, compromising the security of millions of Samsung users worldwide. The researchers say that Landfall first appeared in July 2024, relying on a software flaw now catalogued as CVE-2025-21042. The vulnerability, which was not publicly known until now, allowed the malware to gain unauthorized access to user data, including personal information and sensitive files. Thankfully, Samsung issued a patch for its phones in April 2025, which has since been applied to millions of devices, effectively ending the attacks. The revelation highlights the ongoing threat of zero-click attacks, which can compromise systems without user interaction, and underscores the need for robust cybersecurity measures to protect against such sophisticated threats. According to a report by Unit 42, the attacks were most likely targeted at specific groups, with the true perpetrators remaining unknown. "We've seen a significant increase in the use of zero-click attacks in recent years, and this is just another example of how sophisticated these threats can be," said Ryan Olson, Unit 42's head of threat intelligence. "The fact that Landfall was able to evade detection for so long is a testament to the complexity of these attacks, and the need for continued vigilance from both users and manufacturers." The Middle East is believed to be one of the primary targets of the Landfall attacks, with researchers suggesting that the malware was used in targeted surveillance operations. However, the exact scope and scale of the attacks remain unclear, and an investigation is ongoing to determine the full extent of the damage. Samsung has since issued a statement confirming the existence of the vulnerability and the patch that was issued to address it. "We take the security of our customers' data very seriously, and we are committed to providing the highest level of protection against threats like Landfall," said a spokesperson for the company. As the investigation into the Landfall attacks continues, cybersecurity experts are urging users to remain vigilant and take steps to protect themselves against similar threats. "This is a wake-up call for all of us, and a reminder of the importance of staying up-to-date with the latest security patches and best practices," said Olson. In the meantime, Samsung users are advised to check their devices for the latest software updates and apply the patch as soon as possible to ensure their security is not compromised. As the world becomes increasingly dependent on mobile devices, the threat of sophisticated spyware like Landfall serves as a stark reminder of the need for continued vigilance and innovation in the field of cybersecurity.