Cybersecurity investigators have identified a surge in cyberattacks targeting smartphones and telecommunications infrastructure, with groups linked to China's military and intelligence services implicated in these operations. The attacks have affected individuals in government, politics, technology, and journalism, and have included highly unusual software crashes that may have enabled hackers to infiltrate devices without user interaction. The ShadowPad malware and PurpleHaze threat cluster, associated with Chinese groups APT15 and UNC5174, have been used in these campaigns.

U.S. authorities warned in December of a widespread Chinese hacking campaign aimed at accessing the texts and phone conversations of an unknown number of Americans. Hackers were reportedly able to listen in on phone calls in real time and read text messages, with high-profile targets including President Donald Trump and Vice President JD Vance during the 2024 campaign. The Salt Typhoon cyberespionage group has gained persistent access to major telecom carriers, data centers such as Digital Realty, which operates over 300 data centers, and mass media providers like Comcast, which serves 51 million broadband and cable customers.

Security experts highlight that user lapses, such as inadequate security practices, further exacerbate vulnerabilities in mobile devices and apps. The proliferation of connected devices, from smartphones to smart appliances, has outpaced security measures. The exploitation of Ivanti vulnerabilities has also been documented in these attacks.

In addition to espionage, there has been a rise in financial fraud schemes exploiting mobile device vulnerabilities. In Spain, authorities have warned of the 'fundido a negro' SIM swap scam, where criminals use phishing and other tactics to obtain personal data, request a duplicate SIM from telecom operators, and gain control of victims' banking verification codes sent via SMS. This enables unauthorized access to bank accounts and rapid theft of funds. Law enforcement and cybersecurity agencies recommend the use of multi-factor authentication methods that do not rely on SMS, such as authentication apps or biometric verification, to mitigate these risks. They also advise vigilance against suspicious messages or calls, regular monitoring of account activity, and prompt reporting of any unauthorized transactions. As one expert noted, 'The world is in a mobile security crisis right now.'
Be careful if you lose signal on your phone: they may be accessing your bank account without you knowing https://t.co/pNYpE7hz6u
It appears that China's Salt Typhoon hacking group has gained strategic-level persistent access to our entire telecom system. https://t.co/VALLjoLUJE
Warning from the Policía Nacional to all of Spain: from now on, be suspicious if your bank asks you for this https://t.co/mYsacYTk3t