SAN FRANCISCO: Cybersecurity experts have discovered a powerful new iPhone spyware dubbed “Darksword,” capable of compromising hundreds of millions of devices to steal sensitive data and cryptocurrency credentials.
The discovery, made by researchers at Alphabet’s Google, Lookout, and iVerify, marks the second major iPhone exploit found this month. The malware was recently found embedded in dozens of Ukrainian websites, signaling a “flourishing” market for sophisticated hacking tools that were once the exclusive domain of state-level intelligence agencies.
Widening digital dragnet
According to coordinated reports released Wednesday, Darksword was found on the same servers used to host “Coruna,” another potent spyware revealed on March 3. While Coruna has been linked to suspected Russian operators, Google researchers observed Darksword being deployed in distinct campaigns across Turkiye, Malaysia, and Ukraine.
“There’s now a verified pipeline of recent exploits that have ended up in the hands of potentially criminal entities with a financial focus,” said Justin Albrecht, principal researcher at Lookout.
Vulnerability gap
The malware targets users running iOS versions 18.4 through 18.6.2. Although Apple has released patches for the underlying bugs, an estimated 220 million to 270 million iPhones remain vulnerable because users have not updated their devices.
Unlike elite espionage tools that are typically guarded with extreme secrecy, researchers noted that Darksword’s operators showed “sloppy” operational security.
In a statement, an Apple spokesperson noted that the exploits target “out-of-date software” and that vulnerabilities have been addressed in recent updates. The company confirmed that all known malicious domains are now blocked by Safari’s Safe Browsing.
Security experts maintain that the single most effective defense remains immediate software updates to the latest iOS version.
