Hundreds of millions of iPhones remain vulnerable to a new hacking technique called DarkSword, discovered by researchers at Google, iVerify, and Lookout. The exploit targets devices running iOS 18-a version still used by nearly 25% of iPhone users-and can silently extract passwords, messages, health data, and cryptocurrency credentials within minutes of a user visiting a compromised website.
Unlike traditional spyware, DarkSword uses “fileless” malware that hijacks legitimate iOS processes, leaving minimal forensic traces and disappearing after a reboot. It has already been deployed in espionage campaigns linked to Russian state-sponsored actors, embedded in Ukrainian news and government sites. Earlier uses targeted victims in Saudi Arabia, Turkey, and Malaysia, with evidence suggesting involvement by customers of Turkish firm PARS Defense.
Critically, the full DarkSword code-complete with English comments and clear documentation-was left exposed on attack sites, making it easily reusable by other cybercriminals. While Apple has issued emergency patches for older devices and recommends updating to the latest iOS or enabling Lockdown Mode, the exploit’s broad reach and resale potential signal a dangerous shift: once-rare iOS hacking tools are now entering the mass cybercrime market.