In one of the largest breaches so far this year, hackers are using a flaw that exists in most cell phones' SIM card to track users' locations and, in some cases, take control of their device.
The malware is known as SimJacker and was discovered by cybersecurity firm AdaptiveMobile in September. As its name suggests, the hack contains malicious code hijacks a user's SIM card. All it takes to spread is a single SMS — or text message — containing the code.
SimJacker is platform-agnostic, meaning it can potentially affect any type of hardware or software — instead, it exploits an interface used by cell carriers, Ars Technica reports.
Sprint, AT&T, Verizon, and T-Mobile have released statements saying their service wasn't affected in the US, so if you use any of those major networks and stayed in the country, you can rule yourself out as a potential victim. Most affected countries were in the Middle East and Africa, according to ZDNet, so customers who traveled to these areas and used their phone in roaming mode could potentially be affected.
If it sounds like you might be vulnerable, contact the carriers and check whether they've implemented network filters to block the SMS messages carrying SimJacker.