Cool. Someone is using a legacy component on SIM cards, the SIMalliance Toolbox Browser, to subvert mobile phones:
According to that overview, the attack is a SMS that's silently processed, injects malware that runs inside the SIM card using the Toolbox Browser environment, and can ask for information from the mobile phone that is exfiltrated using silent SMS.
The report does not state which mobile network providers still supply SIM cards with that component.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!