Hajra Naz
Last week, cybersecurity researchers uncovered a sophisticated hacking campaign targeting iPhone users via a tool called DarkSword. Now, a newer version of DarkSword has been publicly leaked and published on the code-sharing platform GitHub, raising major concerns for iPhone and iPad users running older operating systems.
Older iPhones at Risk
Researchers warn that the leak makes it trivial for hackers to exploit iPhones running outdated iOS versions, specifically iOS 18 and earlier. Apple’s own data suggests this affects hundreds of millions of active devices.
Matthias Frielingsdorf, co-founder of the mobile security startup iVerify, said,
“This is bad. They are way too easy to repurpose. We need to expect criminals and others to start deploying this.”
The leaked version shares the same infrastructure as the previous DarkSword spyware but is easier to deploy. The files are mainly HTML and JavaScript, meaning even someone without iOS expertise can use them in “a couple of minutes to hours.”
How DarkSword Works
DarkSword is a fileless spyware tool that hijacks normal iOS processes rather than installing traditional malware. This allows it to exfiltrate sensitive data quickly, including:
- Contacts and messages
- Call history
- Wi-Fi passwords and credentials are stored in the iOS keychain
- Photos, documents, and other personal files
The leaked GitHub code includes detailed comments describing how the exploit works. One comment notes:
“This payload should be injected into a process with filesystem access class.”
Another describes post-exploitation activities, showing how the tool uploads stolen data to remote servers. In one case, the code references sending data to a Ukrainian apparel website, although the purpose is unclear. Earlier analyses suggest DarkSword has been used by Russian hackers against Ukrainian targets.
Confirmation from Security Researchers
Multiple experts have confirmed that the leak is extremely easy to use.
- Kimberly Samra, a Google spokesperson, confirmed that Google researchers agree with iVerify’s assessment.
- A security hobbyist using the handle “matteyeux” successfully hacked an iPad Mini running iOS 18 using the leaked code, calling it “trivial to use.”
Apple spokesperson Sarah O’Rourke emphasized that updated devices are safe:
“Keeping your software up to date is the single most important thing you can do to maintain the security of your Apple products. Lockdown Mode also blocks these specific attacks.”
How Many Users Are Vulnerable?
Apple’s data shows that about 25% of iPhones and iPads are still running iOS 18 or earlier, which translates to hundreds of millions of vulnerable devices worldwide. Given the leak, cybersecurity experts are urging users to update their devices immediately to protect against attacks.
DarkSword in Context
The discovery of DarkSword comes shortly after the uncovering of another advanced iPhone hacking toolkit called Coruna, originally developed by defense contractor L3Harris. Like DarkSword, Coruna is a sophisticated tool designed for high-level cyber operations.
The rise of publicly leaked exploits like DarkSword highlights the growing threat landscape for mobile users and the need for regular updates, vigilance, and strong security practices.
FAQs About DarkSword
1. What is DarkSword?
DarkSword is an advanced hacking tool for iPhones and iPads, capable of stealing messages, contacts, photos, passwords, and other sensitive data.
2. Which devices are at risk due to DarkSword?
Devices running iOS 18 or earlier are vulnerable. Updated devices with iOS 26 or later are safe.
3. How does DarkSword infect iPhones?
It uses a fileless approach, hijacking system processes instead of installing traditional malware, making it easier to deploy and harder to detect.
4. Can average users protect themselves from Darksword?
Yes. Keeping iOS up to date, enabling Lockdown Mode, and avoiding suspicious links or websites drastically reduces risk.
5. Why was the DarkSword code leaked?
The latest version was posted publicly on GitHub, allowing anyone to copy and deploy it, significantly increasing the threat to iPhone users worldwide.
