Cybersecurity experts have issued an urgent warning about a newly uncovered exploit that could put hundreds of millions of iPhones at risk.
The Google Threat Intelligence Group says the malware, known as ‘DarkSword,’ enables hackers to break into devices and extract personal information.
DarkSword chains together six separate flaws in iOS and Safari, allowing attackers to quietly install malware on targeted devices.
The exploit affects iPhones running iOS versions 18.4 through 18.7, and can be triggered simply by visiting a malicious or compromised website, requiring no further action from the user.
Researchers say multiple groups are already deploying the tool in real-world attacks, including commercial spyware firms and state-backed actors, with activity observed in Saudi Arabia, Turkey, Malaysia and Ukraine.
An Apple spokesperson said the exploits targeted ‘out-of-date software,’ and that the underlying vulnerabilities have been addressed across multiple updates over the last several years for users running the latest versions of their devices’ operating systems.
‘Keeping software up to date remains the single most important thing users can do to maintain the high security of their Apple devices,’ the spokesperson said.
Users who believe they may be targets of such attacks, particularly journalists, activists or those handling sensitive information, are advised to enable Apple’s Lockdown Mode by going to Settings, selecting Privacy & Security, tapping Lockdown Mode and following the prompts to turn it on and restart their device.
The Google Threat Intelligence Group says the malware, known as ‘DarkSword,’ enables hackers to break into devices and extract personal information
Researchers with cyber firm Lookout, mobile security firm iVerify and Google, published coordinated analyses of DarkSword, finding it takes advantage of several hidden weaknesses in iPhones and the Safari browser.
This allows attackers to secretly install malware on a device, another reminder of why keeping your phone updated is crucial.
In some cases, attackers created fake websites or apps to trick people, such as a lookalike version of Snapchat, while in others they hacked legitimate websites, including a government site.
Once a phone is infected, hackers can install different types of spyware depending on their goal.
One version, called ‘Ghostblade,’ is designed to steal huge amounts of personal information.
This includes text messages, call history, contacts, photos, emails, passwords, location data, browsing history and even files stored in iCloud.
It can also access messages from apps like WhatsApp and Telegram.
The malware looks for cryptocurrency apps and wallets, meaning it can potentially steal digital assets or sensitive financial data.
DarkSword chains together six separate flaws in iOS and Safari, allowing attackers to quietly install malware on targeted devices, highlighting the critical importance of keeping software up to date
Unlike some spyware that stays hidden for long periods, this one grabs the data it wants and then deletes itself, making it harder to detect.
It’s not clear how many iPhones are vulnerable to DarkSword attacks, the researchers said. Apple has released multiple fixes for the underlying bugs that attackers used to make DarkSword.
Nevertheless, many people do not install iPhone updates, and an estimated 220 million to 270 million iPhones still run exposed iOS versions, according to iVerify and Lookout, which based the figures on public estimates.
