Unit 42 researchers have uncovered LANDFALL, a previously unknown Android spyware family targeting Samsung Galaxy devices. The spyware exploits CVE-2025-21042, a zero-day vulnerability in Samsung's image processing library, to deliver commercial-grade surveillance capabilities. LANDFALL is embedded in malicious DNG image files, likely distributed via WhatsApp, and enables comprehensive monitoring including microphone recording, location tracking, and data collection. The campaign shares infrastructure with known commercial spyware operations in the Middle East. The vulnerability has been patched, but the exploit chain remained active and undetected for months before discovery.