alt Hacker NewsIt happens all the time, and its as easy as sending a phone a text, or a packet, or escaping a sandbox, but you'll rarely be aware of it when you're infected because unlike the old days where malware would fill your screen with ads or something today they just silently collect your data or use your internet connection for careful port scans or DDoS attacks. NSO Group spyware (or similar) could be on your phone right now.
Hell, cellphones these days ship with spyware pre-installed. Samsung being the one of the worst for filling their phones with their own apps which spy on you constantly.
No nation state actor is going to waste a 0day on a random nobody. Even the recent Notepad++ exploit was only used against specific political targets. Any actor smart enough to be able to have an arsenal of 0days at their disposal is also smart enough to use them only where they are worthwhile because they will only get to do it once.
Believing you are more under threat from sophisticated government hackers rather than unsecured IOT devices, unvetted npm packages or hijacked download links is just LARPing for people who want to sound more important than they actually are IMO.