Mumbai, March 22: Cybersecurity experts have identified a sophisticated new spyware tool named "DarkSword" that has compromised hundreds of millions of iPhones globally. A joint investigation by Google’s Threat Intelligence Group, Lookout, and iVerify revealed that the malware utilizes "watering hole" attacks, where legitimate websites are infected to silently siphon data from visitors. The campaign has specifically targeted users in Ukraine, Saudi Arabia, Turkey, and Malaysia, raising significant concerns over the security of older mobile operating systems.

The discovery follows the recent unveiling of another potent exploit known as "Coruna" on March 3, 2026. Researchers noted that DarkSword shares infrastructure with the previous toolkit, suggesting a flourishing secondary market for advanced mobile exploits. Unlike traditional spyware designed for long-term surveillance, DarkSword operates on a "hit-and-run" basis, remaining on a device for only a few minutes to extract sensitive information before erasing its own files to evade detection. Apple iPhone 17 Pro Max Price Drops to INR 1,47,900 at Vijay Sales; Know Steps To Buy.

Mechanics of the DarkSword Exploit

DarkSword is described as a full-chain exploit kit written entirely in JavaScript. It leverages six distinct vulnerabilities, including three zero-day flaws, to bypass Apple’s security layers without requiring any user interaction beyond visiting a compromised webpage. The infection process begins in Safari’s rendering engine and escalates to the system kernel, granting attackers deep access to the device's most sensitive areas.

Once active, the spyware can exfiltrate a vast array of personal data, including iMessage and WhatsApp databases, iCloud files, Wi-Fi passwords, and location history. Notably, researchers found that the tool specifically targets cryptocurrency wallets and exchange data, indicating a strong financial motive behind some of the campaigns. Because the malware resides in the device's memory and deletes its footprint upon exit, it is nearly undetectable after a simple restart.

Vulnerable Apple Devices and Targeted Regions

The spyware primarily affects iPhones running iOS 18, specifically versions 18.4 through 18.7. Security firms estimate that between 220 million and 270 million devices remain vulnerable because they have not yet been updated to the latest software. In Ukraine, the malware was found embedded in official government portals and popular news outlets, an operation linked by researchers to a suspected Russian-linked threat actor known as UNC6353.

In other regions, such as Turkey and Malaysia, the exploit was reportedly used by commercial surveillance vendors to deploy backdoors. iVerify researchers observed that the attackers displayed unusually poor operational security, leaving the full source code unprotected on their servers. This suggests that advanced hacking tools, once reserved for elite state intelligence, are now being utilized by broader criminal entities who are less concerned with the tools being "burned" or discovered.

Apple’s Security Response and Mitigation

Apple has responded to the threat by emphasizing that users running the latest versions of iOS 15 through iOS 26 are protected. The company released a series of patches in late 2025 and early 2026, with the most recent emergency updates arriving on March 11, 2026, to secure older devices that cannot support the newest operating systems. An Apple spokesperson stated that "keeping software up to date remains the single most important thing users can do" to maintain device integrity. Apple iPhone 17 Pro Max Hits Lowest Price Ever in India.

For high-risk individuals, such as journalists and activists, security experts recommend enabling Apple’s "Lockdown Mode." This feature significantly reduces the phone's attack surface and has been confirmed to block the specific web-based techniques used by DarkSword. Additionally, users are encouraged to utilize Safari's built-in "Safe Browsing" feature, which now includes the malicious domains identified in the Google and Lookout reports.

TruLY Score by LatestLY
Rating:3

TruLY Score 3 – Believable; Needs Further Research | On a Trust Scale of 0-5 this article has scored 3 on LatestLY, this article appears believable but may need additional verification. It is based on reporting from news websites or verified journalists (NDTV ), but lacks supporting official confirmation. Readers are advised to treat the information as credible but continue to follow up for updates or confirmations

(The above story first appeared on LatestLY on Mar 22, 2026 07:09 AM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).