Samsung’s flagship telephones have been quietly in danger from spy ware for a 12 months

If there’s one factor everybody values on any smartphone, whether or not it is an Android or an iPhone, it is security. We maintain lots of private knowledge on our telephones these days, and the very last thing anybody desires is their private data falling into the fallacious fingers. Nevertheless, regardless that our telephones are continuously up to date with new firmware and safety patches, it is all the time attainable for a safety vulnerability to slide by way of the cracks, and that is sadly what just lately occurred with Samsung.

Whereas Samsung Galaxy phones are identified for his or her sturdy safety features, together with Samsung Knox, a brand new report reveals that the telephones have been susceptible to a serious malware assault for almost a 12 months (by way of Ars Technica). The invention was made by cybersecurity researchers at Palo Alto Networks’ Unit 42 division, who uncovered the spy ware vulnerability, which they’ve named “Landfall.”

The Android spy ware particularly focused Samsung Galaxy telephones, with the attackers exploiting a zero-day vulnerability in Samsung’s Android picture processing library to deploy the spy ware for surveilling and extracting knowledge from customers, together with microphone recording, location monitoring, messages, and name logs.

In response to Unit 42, Landfall remained an energetic vulnerability on Samsung telephones for months, remaining undetected till Samsung was alerted about it and patched it in April 2025. Unit 42 believes that the Landfall spy ware assault was primarily utilized in 2024 and early 2025 for “focused intrusion actions within the Center East.”

What’s a zero-day vulnerability?

It is a safety flaw that builders have been unaware of till it was exploited

In the event you’re unfamiliar with what a zero-day vulnerability is, it is a safety flaw that’s exploited earlier than the developer even is aware of about it. This implies they’ve had zero days to repair it, so time is of the essence.

What made this Landfall spy ware assault significantly malicious is that it may very well be deployed with out the person even being conscious of it. How is that this attainable? On this case, Unit 42 found that Landfall contaminated customers’ telephones by way of a malicious DNG picture file containing spy ware, which may very well be despatched by way of a messaging app like WhatsApp.

Landfall is known as a “zero-click” assault as a result of the person does not have to take any motion. Merely processing the picture for show would trigger the telephone to mechanically and unknowingly load the spy ware, which exploited the vulnerability in Samsung’s Android picture processing library that I discussed earlier. This basically implies that the spy ware may very well be put in on a telephone with out the person ever being conscious of it.

Unit 42 was in a position to uncover the existence of Landfall after it seen that two comparable safety flaws have been patched for iOS and WhatsApp. It was additionally in a position to establish the focused machine fashions for this assault, which included the Samsung Galaxy S23 and S24 sequence, the Galaxy S22, the Galaxy Z Fold 4, and the Z Flip 4.

It is value reiterating that Landfall is not an energetic menace, as Samsung patched the vulnerability in April 2025 with a safety replace. Subsequently, in case you have a Samsung telephone and have saved it up to date this 12 months, you don’t have anything to fret about. To simply verify for the most recent updates in your Samsung telephone, you possibly can go to Settings > Software program replace > Obtain and Set up.