Samsung Phones Vulnerable to Sophisticated Spyware for Almost a Year

Researchers at Unit 42, the threat intelligence arm of Palo Alto Networks, have revealed a sophisticated spyware known as Landfall that targeted Samsung Galaxy phones for nearly a year. The campaign leveraged a zero-day exploit in Samsung Android software to steal a range of personal data, including sensitive information. The underlying vulnerability, catalogued as CVE-2025-21042, was patched by Samsung in April 2025, but details of the attack have only been revealed now. According to Unit 42, Landfall first appeared in July 2024 and was most likely used to target specific groups in the Middle East for surveillance. The team believes the attacks were carried out using a software flaw that allowed hackers to gain unauthorized access to sensitive data on Samsung Galaxy phones. "This campaign highlights the importance of timely patching and vulnerability management," said a spokesperson for Unit 42. "We urge all users to ensure their devices are up-to-date with the latest security patches to prevent similar attacks in the future." The use of zero-day exploits to target Android devices is not a new phenomenon, but the sophistication and scale of the Landfall campaign are notable. "The fact that this campaign was able to evade detection for nearly a year is a testament to the ingenuity of the attackers," said a cybersecurity expert, who wished to remain anonymous. "It also highlights the need for greater collaboration between device manufacturers, security researchers, and law enforcement agencies to combat the growing threat of mobile malware." The Landfall campaign is believed to have been carried out in the Middle East, where the use of spyware to target individuals for surveillance is a growing concern. In recent years, several high-profile cases of spyware use have been reported in the region, including the use of Pegasus spyware to target human rights activists and journalists. The use of Landfall to target Samsung Galaxy phones in the Middle East is likely to raise concerns about the potential for similar attacks in the future. Samsung has not commented publicly on the Landfall campaign, but the company has issued a statement urging users to ensure their devices are up-to-date with the latest security patches. The company has also taken steps to improve its vulnerability management processes, including the establishment of a dedicated security team to identify and address potential vulnerabilities in its software. As the investigation into the Landfall campaign continues, cybersecurity experts are urging users to remain vigilant and take steps to protect themselves from similar attacks in the future. "The use of zero-day exploits to target Android devices is a growing concern, and users need to be aware of the risks and take steps to protect themselves," said the cybersecurity expert. "This includes ensuring devices are up-to-date with the latest security patches, using reputable antivirus software, and being cautious when downloading apps from unknown sources."