A newly discovered iPhone hacking technique, dubbed DarkSword, poses a significant threat to hundreds of millions of iOS devices worldwide. The tool, found embedded in compromised websites, allows attackers to silently steal data from vulnerable iPhones – a risk that underscores a growing trend: sophisticated hacking tools are becoming more accessible and indiscriminate.
The DarkSword Threat
Researchers at Google, iVerify, and Lookout have jointly revealed DarkSword’s existence. This technique exploits vulnerabilities in older versions of Apple’s iOS operating system, specifically iOS 18, which still runs on approximately 25% of iPhones as of last month. Attackers inject the tool into websites; any iPhone visiting the infected site can be compromised instantly.
The severity lies in its simplicity: hackers can easily deploy DarkSword on their own servers, turning any website into a potential infection vector. This ease of deployment is exacerbated by the fact that the tool’s code was left fully documented, with explanatory comments, on compromised websites.
Russian Espionage and Proliferation
DarkSword has already been linked to Russian state-sponsored espionage groups, who used it alongside another advanced toolkit, Coruna. Both tools were deployed through Ukrainian websites to harvest data from visitors.
However, the threat extends beyond state-sponsored actors. DarkSword has also been observed in attacks targeting victims in Saudi Arabia, Turkey, and Malaysia, indicating its proliferation to multiple hacking groups. The tool’s broad availability suggests that it’s now a marketable asset in the cybercrime ecosystem.
Data Theft and Stealthy Techniques
DarkSword is designed to steal sensitive data, including passwords, photos, messages, browser history, calendar entries, health data, and even cryptocurrency wallet credentials. It operates using “fileless” malware, which leverages legitimate system processes to avoid detection and leave minimal traces.
Unlike traditional spyware, DarkSword doesn’t persist on a device after rebooting. Instead, it performs a rapid “smash-and-grab” operation, extracting data within minutes of infection.
Why This Matters
The widespread availability of tools like DarkSword is alarming because it lowers the barrier to entry for cybercrime. Previously, such techniques were reserved for highly targeted attacks against specific individuals. Now, they are accessible to a wider range of actors, including financially motivated criminals, increasing the risk for average iPhone users.
Apple has released security updates, including emergency patches for older devices, but the sheer number of unpatched devices running vulnerable iOS versions creates a massive attack surface. The company emphasizes that keeping software up to date is the most critical step users can take.
The Expanding Exploitation Market
The emergence of DarkSword alongside Coruna points to an increasingly active market for zero-day exploits. Experts suspect that a “broker” firm, possibly Trenchant (a subsidiary of L3Harris), is selling these tools without significant vetting, allowing them to fall into the hands of both state actors and cybercriminals.
This trend suggests that highly effective hacking techniques are no longer exclusive to nation-states or elite hacking groups. The commoditization of exploits threatens to destabilize digital security, as attackers now view zero-days as disposable assets rather than carefully guarded weapons.
Ultimately, the rapid proliferation of tools like DarkSword signifies a shift towards more indiscriminate cyberattacks, where mass exploitation is prioritized over targeted espionage.
