The NSA attempted to hijack control of Google and Samsung Android app stores' servers in a bid to leverage them for hostile man-in-the-middle attacks on smartphone and tablet users, according to The Intercept and CBC News.
The Intercept said it learned of the campaign, codenamed Irritant Horn, from leaked Snowden documents.
The campaign reportedly involved a joint "Network Tradecraft Advancement Team" made up of operatives from the "Five Eyes" alliance of the US, Canada, UK, New Zealand and Australia.
"The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware," reads the report.
"The agencies wanted to 'exploit' app store servers - using them to launch so-called ‘man-in-the-middle' attacks to infect phones with the implants."
The report alleges the hacked servers were used to spread mobile spyware to smartphones using "implants".
If successful, the network would have let the agencies collect and modify data packets and information passing between Android devices and the compromised app servers.
It is unclear if the campaigns were successful. Google, Samsung and the NSA had not responded to V3's request for comment at the time of publishing.
The attacks were reportedly part of a wider plot to use compromised devices to spread "selective misinformation to the targets' handsets" with the aim "to spread propaganda or confuse adversaries".
The attack tools were reportedly initially developed during workshops held in Australia and Canada between November 2011 and February 2012.
The workshops also let the agencies uncover vulnerabilities in the UC Browser - a popular Android app used mainly in China and India.
According to University of Toronto research group Citizen Lab, which analysed the browser following the leaks, the vulnerabilities could be exploited for a variety of purposes.
"We have identified a series of major security and privacy issues in the English language and Chinese language editions of the Android version of UC Browser," read Citizen Lab's advisory.
"We found that both versions of the application leak a significant amount of personal and personally-identifiable data; as a result, any network operator or in-path actor on the network can acquire a user's personally identifiable information through trivial decrypting of traffic or by observing unencrypted traffic."
The Intercept revealed in March that the CIA has been attempting to break the security of Apple devices, including the iPhone and iPad, for several years.
IBM and Technical University of Munich team demonstrate how Shor's algorithm, which can't be cracked by conventional computers, can be solved quickly with quantum computing
Hubble Space Telescope finds superflares from young red dwarfs could strip away planetary atmosphere
Younger stars are 100 to 1,000 times more energetic than when they're older
Two of the big four supermarkets will use the system to control sales of restricted products
PUBG news and updates: November's Update #23 to bring new Skorpion pistol and changes to blue zone visibility
Genuinely useful side-arm coming to PUBG in Update #23