The NSA attempted to hijack control of Google and Samsung Android app stores' servers in a bid to leverage them for hostile man-in-the-middle attacks on smartphone and tablet users, according to The Intercept and CBC News.
The Intercept said it learned of the campaign, codenamed Irritant Horn, from leaked Snowden documents.
The campaign reportedly involved a joint "Network Tradecraft Advancement Team" made up of operatives from the "Five Eyes" alliance of the US, Canada, UK, New Zealand and Australia.
"The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware," reads the report.
"The agencies wanted to 'exploit' app store servers - using them to launch so-called ‘man-in-the-middle' attacks to infect phones with the implants."
The report alleges the hacked servers were used to spread mobile spyware to smartphones using "implants".
If successful, the network would have let the agencies collect and modify data packets and information passing between Android devices and the compromised app servers.
It is unclear if the campaigns were successful. Google, Samsung and the NSA had not responded to V3's request for comment at the time of publishing.
The attacks were reportedly part of a wider plot to use compromised devices to spread "selective misinformation to the targets' handsets" with the aim "to spread propaganda or confuse adversaries".
The attack tools were reportedly initially developed during workshops held in Australia and Canada between November 2011 and February 2012.
The workshops also let the agencies uncover vulnerabilities in the UC Browser - a popular Android app used mainly in China and India.
According to University of Toronto research group Citizen Lab, which analysed the browser following the leaks, the vulnerabilities could be exploited for a variety of purposes.
"We have identified a series of major security and privacy issues in the English language and Chinese language editions of the Android version of UC Browser," read Citizen Lab's advisory.
"We found that both versions of the application leak a significant amount of personal and personally-identifiable data; as a result, any network operator or in-path actor on the network can acquire a user's personally identifiable information through trivial decrypting of traffic or by observing unencrypted traffic."
The Intercept revealed in March that the CIA has been attempting to break the security of Apple devices, including the iPhone and iPad, for several years.
The new processors support Intel's Optane memory acceleration technology
Blockchain's killer app is bitcoin, the rest is mostly 'pure marketing', says MaidSafe's David Irvine
Blockchains are not suited to many of the data security purposes being put forward for them
Applications from some member states were down more than 40 per cent
A new RSA report urges coders to sign a 'Hippocratic Oath' before embarking on AI programmes.