"Samsung Phones Compromised by Rogue Spyware for 9 Months"

Sophisticated Spyware Targets Samsung Phones for Almost a Year, Stealing Sensitive User Data A highly sophisticated commercial spyware, dubbed "Landfall," has been discovered targeting Samsung Galaxy phones for nearly a year, exploiting a previously unknown vulnerability in the Android software to steal sensitive user data. The malware, which was active from July 2024 to April 2025, is believed to have been used in targeted surveillance operations in the Middle East, with the true perpetrators remaining unknown. According to researchers at Unit 42, the threat intelligence arm of Palo Alto Networks, the Landfall spyware leveraged a zero-day exploit in Samsung Android software to steal a raft of personal data. The underlying vulnerability, now catalogued as CVE-2025-21042, was patched by Samsung in April 2025, effectively ending the attacks. However, the researchers warn that the vulnerability was exploited for almost a year, leaving many users vulnerable to targeted surveillance. The Landfall spyware was first detected in July 2024, and it is believed to have been used in targeted operations in the Middle East. The true perpetrators behind the attacks remain unknown, but experts warn that the use of zero-click attacks, which can compromise systems without user interaction, is a growing concern. "The revelation highlights the ongoing threat of zero-click attacks, which can compromise systems without user interaction," said a spokesperson for Unit 42. "This underscores the need for robust cybersecurity measures to protect against such sophisticated threats." The researchers at Unit 42 say that the Landfall spyware was designed to steal sensitive user data, including personal identifiable information, location data, and other sensitive information. The malware was able to bypass security measures and exploit the vulnerability in the Android software, allowing it to steal data without the user's knowledge or consent. The discovery of the Landfall spyware highlights the ongoing threat of commercial spyware and the need for robust cybersecurity measures to protect against such threats. Experts warn that the use of zero-click attacks is a growing concern, and that users must take steps to protect themselves against such threats. "The use of zero-click attacks is a serious concern, and users must take steps to protect themselves against such threats," said a spokesperson for Palo Alto Networks. "This includes keeping software up to date, using robust security measures, and being cautious when interacting with unknown sources." The current status of the Landfall spyware is that it is no longer active, thanks to the patch issued by Samsung in April 2025. However, experts warn that the vulnerability was exploited for almost a year, leaving many users vulnerable to targeted surveillance. Users are advised to check their software for updates and to take steps to protect themselves against such threats. In conclusion, the discovery of the Landfall spyware highlights the ongoing threat of commercial spyware and the need for robust cybersecurity measures to protect against such threats. Experts warn that the use of zero-click attacks is a growing concern, and that users must take steps to protect themselves against such threats.