A new malware named DarkSword is targeting millions of iPhones running outdated iOS versions, capable of stealing sensitive data like passwords, messages, and location history. Apple has since released patches and urges users to update their software for protection.
A new malware has been identified, particularly for iPhones. According to research, this new malware, known as DarkSword, may rapidly attack and take data from unprotected devices, potentially infecting millions of iPhones. The virus was studied collaboratively by cybersecurity firms Lookout and iVerify, as well as Alphabet’s Google. Researchers from all three groups have produced notes on DarkSword.
Researchers believe that between 220 million and 270 million iPhones may still be vulnerable to DarkSword owing to obsolete iOS versions.
All you should know about DarkSword
According to the researchers, DarkSword was identified embedded on several legal Ukrainian websites. It targets iPhones running iOS 18.4 to 18.6.2 using "elegant techniques never publicly seen before."
Related Articles
When a person accesses an infected website, the malware may quickly and covertly compromise their device. This allows the spyware to collect data such as Wi-Fi passwords, text messages, call histories, root location histories, browser histories, and so on.
One of the compromised websites was reported to have a ".gov.ua" domain, implying that the hackers were able to breach Ukrainian government computers. Ukraine's websites may not be the only ones that have been hacked.
According to reports, it revealed that DarkSword was utilised by various commercial vendors and suspected state-linked hacking organisations in different operations aimed at consumers in Saudi Arabia, Turkey, Malaysia, and Ukraine. The activities in Malaysia and Turkey were related to the Turkish commercial surveillance company PARS Defence.
Researchers highlight that DarkSword is located on the same servers as the Coruna malware, which was discovered targeting Ukrainian customers on March 3, 2026. Although Coruna was mostly employed for cryptocurrency theft.
iVerify alleges that the infrastructure was most likely managed by a Russian threat actor. Russia has been at war with Ukraine since it invaded the nation in February 2022. However, the true identity of the hackers is unclear.
Apple's Reaction to Hacking Threats
In a statement to NBC News, Apple spokesperson Sarah O'Rourke responded to the development, claiming that the tools are only compatible with earlier versions of the company's operating system. O'Rourke also stressed the significance of updating the iPhone on a regular basis.
"Keeping software up to date remains the single most important thing users can do to maintain the high security of their Apple devices," according to O'Rourke.
Notably, the research states that Apple addressed all known vulnerabilities with the iOS 26.3 release. The Cupertino-based tech behemoth has also taken a big step by providing a special update for iPhones that cannot run the most recent iOS versions, which included important vulnerability patches for the attacks.
