New 'DarkSword' exploit puts millions of iPhones at risk
Russian hackers using new iPhone-hacking technique DarkSword


Mar 19, 2026
12:25 pm

What's the story

A powerful iPhone-hacking technique called DarkSword has been discovered in use by Russian hackers. The method can compromise devices running iOS 18 when they simply visit infected websites. The discovery was made by researchers at Google and the cybersecurity firms iVerify and Lookout. They found that DarkSword could silently and instantly hack iOS devices visiting those sites.

User vulnerability

Attackers can steal data of users on older iPhones

The hacking technique doesn't affect the latest versions of iOS, but it does work against older ones. According to Apple's own count, nearly a quarter of iPhones were still running on iOS 18 as of last month. "A vast number of iOS users could have all of their personal data stolen simply for visiting a popular website," said Rocky Cole, co-founder and CEO at iVerify.

Hacking toolkit

DarkSword linked to same Russian hackers as Coruna

The DarkSword hacking campaign was discovered just two weeks after another sophisticated toolkit, Coruna, was linked to a Russian state-sponsored espionage group. Although the developers of DarkSword appear to be different from those of Coruna, researchers found that it was used by the same Russian spies. The hacking tool was embedded in components of otherwise legitimate Ukrainian websites to harvest data from visitors' phones.


Widespread threat

DarkSword used by multiple hacking groups

Beyond the Russian espionage campaign, DarkSword was also used to hack phones of victims in Saudi Arabia, Turkey, and Malaysia. This suggests that the hacking tool has already been adopted by several different hacking groups. "Anyone who manually grabbed all the different parts of the exploit could put them onto their own web server and start infecting phones," said Matthias Frielingsdorf from iVerify.


Hacking strategy

Hackers can steal a range of data from phones

DarkSword is designed to steal a wide range of data from vulnerable iPhones, including passwords, photos, and logs from iMessage, WhatsApp, and Telegram. It also targets browser history, Calendar and Notes data, and information from Apple's Health app. Unlike traditional spyware that remains on users' phones, DarkSword employs stealthier techniques often seen in "fileless" malware targeting Windows devices.

Tool development

DarkSword works against most versions of iOS 18

DarkSword works against most versions of iOS 18, the version of Apple's mobile operating system that preceded iOS 26, which was released last fall. This means more phones are vulnerable to DarkSword than to Coruna, especially given the slow adoption and unpopularity of iOS 26. The researchers who discovered DarkSword suspect it wasn't built by the Russian hackers who deployed it but by a "broker" firm that buys and sells hacking techniques.
