New iPhone Hack ‘DarkSword’ Targets Users Via Compromised Websites


A highly sophisticated hacking toolkit called DarkSword is exploiting iPhones through infected websites, bypassing traditional methods like phishing and malicious app downloads. Cybersecurity researchers from Google’s Threat Intelligence Group, Lookout, and iVerify have documented the operation, which primarily affects users outside the US – specifically in Saudi Arabia, Turkey, Malaysia, and Ukraine.

How DarkSword Works

Unlike common spyware, DarkSword doesn’t rely on tricking users into clicking links or downloading software. Instead, it infects devices when victims browse compromised websites, including those impersonating popular apps like Snapchat or legitimate contractor portals. Once activated, the toolkit gains privileged access, enabling attackers to extract sensitive data, including messages, iCloud content, and even cryptocurrency wallet information.

The attacks aren’t designed for persistent surveillance, but rather for targeted data breaches. Google reports that the toolkit is being used by commercial surveillance vendors and suspected state-sponsored groups.

Apple’s Response and Vulnerable Devices

Apple was alerted to these vulnerabilities by Google in late 2025 and has since released software updates to address them. However, approximately 20% of iPhone users remain on older iOS versions (specifically 18.4 through 18.7), making them susceptible to DarkSword. The latest iOS update, 26.3, and a subsequent security patch 26.3.1(a) include fixes to prevent these attacks.

“Updates usually include new features, but more importantly, they often patch security issues. Delaying an update means malicious actors could exploit a vulnerability on your iPhone, putting your personal data and system security at risk.” – Zachary McAuliffe, CNET’s iOS expert.

Staying Safe: Update Your iPhone Now

To protect your device, update to the latest iOS software immediately. Go to Settings > General > Software Update to download and install any available updates. Older iPhone models may not be compatible with the latest iOS version, so it’s crucial to verify compatibility.

This toolkit demonstrates a shift in mobile hacking techniques, moving away from direct user manipulation toward exploiting vulnerabilities in the digital infrastructure itself. The limited geographic scope of the attacks suggests that they are highly targeted, but the ease of infection via compromised websites makes this a significant threat. Staying current with software updates is the simplest and most effective defense.