iPhone exploit DarkSword has been released in the wild
DarkSword, the web-based hacking tool that can be used to steal data from millions of iPhones, has just been launched. published on GitHub for public use. Cybersecurity experts say Russian hacking groups are actively using DarkSword βto completely compromise devices.β
Now that the exploit is public, any potential cybercriminal can simply quickly copy and paste the DarkSword code, take a few minutes to configure it on their host, and deploy the spyware.
Last week, reports on new hacker tool called DarkSword has caused so much concern in the security world that Apple has been obliged to issue a quick response explaining how the company is addressing the threat. The reports come from Google’s Threat Intelligence Group and two cybersecurity companies, iVerify and Lookout.
Want to be the first to know about our latest tech coverage? Sign up for Mashable Newsletters Top Stories and Offers Today.
What is DarkSword?
DarkSword is an exploit that allows hackers to steal data from vulnerable iPhones running outdated versions of iOS.
DarkSword worries cybersecurity professionals because it does not require the hacker’s target to download malware or corrupted files. Hackers can simply download DarkSword’s HTML and Javascript code and upload it to a compromised website. If a user with an older version of iOS visits the compromised site, their device becomes vulnerable. The hacker can then steal data such as passwords, emails, private messages, etc. on the victim’s iPhone.
Crushable speed of light
As Lookout reported last week:
In a real-world example of how attacks are evolving, Lookout Threat Labs discovered DarkSword, a complete iOS exploit chain and payload for iPhones running iOS versions between iOS 18.4 and 18.6.2… DarkSword aims to extract a comprehensive set of personal information, including device credentials and specifically targets a plethora of crypto wallet apps, hinting at a financially motivated threat actor. Notably, DarkSword appears to take a hit-and-run approach by collecting and exfiltrating targeted data from the device within seconds or at most minutes, followed by wiping.
Google cybersecurity researchers reported that the notorious hacker group UNC6353, believed to have ties to the Russian government, had already deployed DarkSword on compromised sites of Ukrainian government agencies to target iPhone users in Ukraine.
iVerify said TechCrunch that the DarkSword exploit that is now present in the wild is slightly different but “shares the same infrastructure”. According to iVerify, no iOS experience is required to run the exploit and it will work “out of the box.”
This Tweet is currently unavailable. It may be loading or has been deleted.
As TechCrunch also reported, another X user common that they were able to hack their 6th generation iPad mini running iOS 18.6.2 with the DarkSword exploit that was just released into the wild.
Apple previously reported on its developer website, nearly 25% of all iPhones are still running iOS 18, meaning hundreds of millions of iOS devices are susceptible to this exploit. The current version of iOS is iOS 26.3.1.
How to protect your Apple devices from DarkSword
Google’s Threat Intelligence Group has urged iOS users to update their devices to the latest version of iOS and, if this is not possible, enable iPhone lock mode.
Apple too said that it released a critical security update on March 11 for older iOS devices that cannot install the newer iOS in order to protect these devices from DarkSword. Users with devices running iOS 13 or iOS 14 should update to iOS 15 to benefit from these critical protections.
