Exploring the physical backbone of digital information within a state-of-the-art server farm.
Researchers Uncover ‘Darksword’ iPhone Spyware Threatening Millions
Researchers have identified a new threat named Darksword iPhone spyware. This powerful software exploit can penetrate and steal information from potentially hundreds of millions of Apple iPhones. The spyware was discovered on websites located in Ukraine.
This finding marks the second such discovery this month. It highlights a flourishing global market for sophisticated mobile malware.
What Happened
“Darksword” is described as a powerful software exploit. It is capable of penetrating and stealing sensitive information from Apple iPhones. This malware was planted on dozens of websites within Ukraine.
The estimated potential impact of “Darksword” is significant. It could affect hundreds of millions of devices globally.
Details From Sources
Research Collaboration
Researchers from cyber firm Lookout, mobile security firm iVerify, and Google published coordinated analyses. They collectively named the newly discovered malware “Darksword.” This collaboration brought the exploit to public attention.
Previous Discovery
On March 3, Google and iVerify had previously revealed a separate powerful iPhone spyware. This earlier exploit was named “Coruna.”
Server Link
Researchers found “Darksword” hosted on the same internet servers. These servers were used by suspected Russian operators of “Coruna,” according to iVerify and Lookout. Apple Patches Coruna Exploit.
Targeted Campaigns
Google researchers observed Darksword iPhone spyware being used in specific campaigns. These campaigns targeted individuals in Saudi Arabia, Turkey, Malaysia, and Ukraine. They involved both commercial vendors and suspected state-linked hackers.
PARS Defense Association
Google’s findings indicated that campaigns in Malaysia and Turkey were associated with a Turkish commercial surveillance vendor. This vendor is known as PARS Defense.
Affected iOS Versions
According to iVerify and Lookout, the malware targeted iPhone users. These users were running iOS versions 18.4 to 18.6.2 and visited Ukrainian websites. Apple released these specific iOS versions between March and August 2025.
Unclear Vulnerability Count
Researchers stated that the exact number of iPhones vulnerable to “Darksword” attacks is currently unclear. Further assessment is ongoing.
Apple’s Response
An Apple spokesperson commented on the situation. The spokesperson stated that the exploits targeted “out-of-date software.” They added that the underlying vulnerabilities have been addressed across multiple updates for users running the latest operating system versions.
Apple’s Security Advice
The Apple spokesperson emphasized the importance of timely updates. Keeping software up to date is the most crucial action for users. This ensures the maintenance of device security.
Apple Safe Browsing
All malicious domains identified by Google are now blocked by Apple Safe Browsing. This feature is integrated into the Safari web browser. This action aims to prevent further exploitation, according to the spokesperson.
Why This Matters
The potential impact on hundreds of millions of iPhones is significant. This highlights a serious iPhone security vulnerability. The discovery points to a flourishing market for sophisticated malware.
Such malware is capable of stealing sensitive data and cryptocurrency wallet information. Justin Albrecht, principal researcher with Lookout, noted a “verified pipeline of recent exploits” now reaching potentially criminal entities with a financial focus. This represents a growing threat from iOS malware exploit operations.
Background Context
The discovery of “Darksword” marks the second instance this month of researchers finding spyware. Both exploits target iPhones and other Apple devices. This follows the earlier revelation of “Coruna.”
“Darksword” and “Coruna” were found hosted on the same internet servers. This connection suggests a shared infrastructure or operational link between the two hacking tools.
Industry Reactions
Justin Albrecht, principal researcher with Lookout, commented on the trend. He stated there is a “verified pipeline of recent exploits” now ending up with potentially criminal entities. These entities primarily have a financial focus.
Rocky Cole of iVerify provided further insight. He suggested that the discovery of two distinct powerful iOS exploits indicates a robust ecosystem. This ecosystem supports tools previously limited to state-level intelligence operations.
Researchers also found that these vulnerabilities were discovered due to “sloppy security mistakes.” Such errors are not typical in state-linked iPhone hacking. This implies these entities are “not overly precious” about exposure.
PARS Defense, the commercial surveillance vendor, did not respond to requests for comment.
Related Data or Statistics
Public estimates from iVerify and Lookout suggest a considerable number of iPhones remain vulnerable. An estimated 220 million to 270 million iPhones still run exposed iOS versions. This is often because users do not install timely updates.
Future Implications (SPECULATIVE)
Rocky Cole’s statement implies a robust ecosystem for advanced hacking tools. These tools were once limited primarily to state-level intelligence operations. This suggests a potential increase in the availability and use of such exploits.
Commercial vendors and suspected state-linked hackers may continue using these exploits. This poses an ongoing threat to mobile device security. Appleās advice on timely software updates remains crucial for user protection.
Conclusion
The discovery of Darksword iPhone spyware highlights a serious threat to Apple users. Researchers have detailed its capabilities to steal information from millions of devices. Apple advises users to keep their software updated.
This event underscores a growing market for sophisticated mobile malware. Vigilance and prompt updates are essential for user security in this evolving landscape.
Keep Your Device Secure: Update Your Software
Readers are encouraged to keep their Apple devices’ software updated. This is the most important action for users to maintain high security, as advised by an Apple spokesperson.
FAQ
Q1: What is ‘Darksword’ iPhone spyware?
A1: ‘Darksword’ iPhone spyware is a powerful software exploit discovered by researchers. It is capable of penetrating and stealing information from Apple iPhones.
Q2: How was ‘Darksword’ discovered?
A2: Researchers from cyber firm Lookout, mobile security firm iVerify, and Google published coordinated analyses of the malware. They found it planted on dozens of websites in Ukraine.
Q3: Which iPhone users are affected by ‘Darksword’?
A3: The malware targeted iPhone users running iOS versions 18.4 to 18.6.2 who visited specific Ukrainian websites. An estimated 220 million to 270 million iPhones still run exposed iOS versions.
Q4: What is Apple’s advice regarding ‘Darksword’?
A4: An Apple spokesperson stated the exploits targeted “out-of-date software” and that underlying vulnerabilities have been addressed in recent updates. Apple advises users to keep their software updated.
Q5: Is ‘Darksword’ related to other recent iPhone spyware discoveries?
A5: Yes, ‘Darksword’ is the second such discovery this month, following “Coruna” iPhone spyware. It was found hosted on the same servers used by suspected operators of “Coruna.”
