Snowden’s warning comes in the wake of revelations about the clients of NSO Group. He described for-profit malware developers as "an industry that should not exist".
He made the comments in an interview with the Guardian after the first revelations from the Pegasus project, a journalistic investigation by a consortium of international media organizations into the NSO Group and its clients.
Snowden said the consortium's findings illustrated how commercial malware had made it possible for repressive regimes to place vastly more people under the most invasive types of surveillance.
For traditional police operations to plant bugs or wiretap a suspect's phone, law enforcement would need to "break into somebody's house, or go to their car, or go to their office, and we'd like to think they'll probably get a warrant", he said.
But commercial spyware made targeted surveillance against vastly more people cost-efficient.
"If they can do the same thing from a distance, with little cost and no risk, they begin to do it all the time, against everyone who's even marginally of interest", he said.
"If you don't do anything to stop the sale of this technology, it's not just going to be 50,000 targets. It's going to be 50 million targets, and it's going to happen much more quickly than any of us expect."
One of the main issues was the lack of diversity in mobile phone software and hardware around the world.
"When we're talking about something like an iPhone, they're all running the same software around the world. So if they find a way to hack one iPhone, they've found a way to hack all of them."
He likened malware makers to an industry where the only thing it did was create custom variants of Covid to dodge vaccines.
"Their only products are infection vectors. They're not security products. They're not providing any kind of protection, any kind of prophylactic. They don't make vaccines -- the only thing they sell is the virus."
Snowden said commercial malware such as Pegasus was so powerful that ordinary people could in effect do nothing to stop it.
He said the only viable solution to the threat of commercial malware was an international moratorium on its sale. "There are certain industries, certain sectors, from which there is no protection, and that's why we try to limit the proliferation of these technologies. We do not allow a commercial market in nuclear weapons."
A global ban on the trade in infection vectors would prevent commercial abuse of vulnerabilities in mobile phones, while still allowing researchers to identify and fix them.
"The solution here for ordinary people is to work collectively. This is not a problem that we want to try and solve individually, because it's you versus a billion-dollar company," he said. "If you want to protect yourself you have to change the game, and the way we do that is by ending this trade."