iPhone Spyware Threat Expands: Millions of Devices Potentially at Risk


A newly uncovered spyware campaign is raising serious concerns about the security of Apple iPhones worldwide. Researchers have identified a powerful exploit capable of infiltrating and extracting sensitive data from potentially hundreds of millions of devices.

According to cybersecurity experts, the malware—dubbed “Darksword”—was recently deployed across dozens of websites in Ukraine. Users visiting these compromised sites could unknowingly expose their devices, particularly if they were running older versions of Apple’s iOS.

A Growing Pattern of iPhone Attacks

This isn’t an isolated case. Earlier in the month, researchers revealed another sophisticated spyware tool called “Coruna.” The discovery of both tools within weeks highlights a troubling trend: advanced iPhone-targeting malware is no longer limited to elite, state-backed operations.

Instead, there appears to be a growing marketplace where such exploits are developed, traded, and used for financial gain—including theft of personal data and cryptocurrency assets.

Justin Albrecht, a principal researcher at Lookout, described the situation as a “verified pipeline” where high-end exploits are increasingly ending up in the hands of financially motivated threat actors.

Global Campaigns and Suspected Players

Researchers from Google, Lookout, and mobile security firm iVerify conducted a joint analysis of Darksword. Their findings suggest the spyware has been used in targeted campaigns across multiple countries, including Saudi Arabia, Turkey, Malaysia, and Ukraine.

In some cases, the activity has been linked to commercial surveillance vendors. One such company, PARS Defense, was reportedly associated with campaigns in Turkey and Malaysia, although it has not publicly responded to the allegations.

Who Is Most at Risk?

The spyware primarily targets iPhones running iOS versions between 18.4 and 18.6.2—software released between March and August 2025. While Apple has already patched the vulnerabilities exploited by Darksword, the risk remains significant.

Why? Because millions of users delay or ignore software updates.

Estimates suggest that between 220 million and 270 million iPhones worldwide may still be running outdated, vulnerable versions of iOS. That leaves a massive attack surface for cybercriminals.

Apple’s Response: Update or Stay Exposed

Apple has acknowledged the issue, emphasizing that the exploits target outdated software and have already been fixed in newer updates. The company reiterated a familiar but critical message: keeping devices updated is the most effective defense.

In addition, Apple has blocked known malicious domains through its Safe Browsing feature in Safari to limit further exposure.

A Shift in the Cyber Threat Landscape

One of the more surprising aspects of this discovery is how the vulnerabilities were found. Researchers noted that the attackers made operational security mistakes—something rarely seen in highly sophisticated, state-backed cyber operations.

This suggests a shift. Tools once reserved for intelligence agencies are now being used more broadly, often with less caution and at a larger scale.

Rocky Cole, co-founder of iVerify, pointed out that the casual use of such powerful exploits indicates they are no longer treated as highly sensitive assets. In simple terms: these tools are becoming more common—and more dangerous.

The Bottom Line

The emergence of Darksword and Coruna signals a new phase in mobile cybersecurity. iPhones, long considered among the most secure consumer devices, are increasingly in the crosshairs of advanced attackers.

For users, the takeaway is straightforward: if your device isn’t up to date, you’re taking a risk. In today’s threat environment, ignoring updates is no longer just inconvenient—it could be costly.
