It's actually easier for an attacker on desktops/laptops. Phones have excellent sandboxing and defenses by comparison.
The ideal attacker would find a way to silently steal a credential (e.g. session cookie) from your phone, then use it on a different device. That's not going to be something that makes a lot of noise on your device itself.
The ideal attacker would find a way to silently steal a credential (e.g. session cookie) from your phone, then use it on a different device. That's not going to be something that makes a lot of noise on your device itself.