Researchers from iVerify, Lookout, and Google revealed on Wednesday that a sophisticated spyware exploit known as Darksword was embedded on dozens of Ukrainian websites in recent weeks.
This powerful tool can silently penetrate and extract sensitive information from potentially hundreds of millions of iPhone models running vulnerable versions of iOS (specifically iOS 18.4 through 18.6.2, released between March and August 2025). Infection occurs simply by visiting one of the compromised sites, enabling attackers to steal personal data, message histories, photos, passwords, and even cryptocurrency wallet details.
The finding marks the second major discovery of advanced iPhone-targeting spyware this month, following the earlier exposure of the Coruna exploit kit. Both campaigns, often linked to suspected Russian state-sponsored actors targeting Ukraine, highlight a growing and thriving underground market for high-end malware capable of breaching Apple’s mobile ecosystem to harvest valuable data and crypto assets. Apple has since patched many related vulnerabilities in newer iOS updates, but millions of devices on older versions remain at risk.
Google said its researchers observed multiple commercial vendors and suspected state-linked hackers using Darksword in distinct campaigns against targets in Saudi Arabia, Turkey, Malaysia and Ukraine.
The campaigns in Malaysia and Turkey were associated with Turkish commercial surveillance vendor PARS Defense, Google said. PARS Defense did not respond to a request for comment.
According to iVerify and Lookout, researchers discovered the malware being delivered to iPhone users running iOS versions 18.4 to 18.6.2 who visited one of dozens of Ukrainian websites. Apple released those versions between March and August 2025.It’s not clear how many iPhones are vulnerable to Darksword attacks, the researchers said. Apple has released multiple fixes for the underlying bugs attackers used to make Darksword. Nevertheless, many people don’t install iPhone updates, and an estimated 220 million to 270 million iPhones still run exposed iOS versions, according to iVerify and Lookout, which based the figures on public estimates. Google did not share its findings ahead of Wednesday’s report.
MacDailyNews Take: Keep your devices updated to the latest operating system versions.
Please help support MacDailyNews — and enjoy subscriber-only articles, comments, chat, and more — by subscribing to our Substack: macdailynews.substack.com. Thank you!
Support MacDailyNews at no extra cost to you by using this link to shop at Amazon.
[Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]
Listen up folks.
There will NOT be any reliable security to anything, ever. Understand that?
All of these lying assdog banks, mortgage companies, our Social Security, the IRS, any police department, the US Department of War, the school your kids go to, ALL OF IT GODDAMNIT W-L-L-L BE H-A-C-K-E-D and your data S-T-O-L-E-N.
Is there anything you do not understand about what I just said?.
Do you believe your iCloud data is safe? IT IS NOT.
OK, downvote me, I don’t give a shit. BUT YOU NEED TO LEARN THAT YOUR DATA IS OR WILL BE COMPROMISED IN EVERY PLACE YOU HAVE IT at some point, FOR SURE.
It’s not a matter of absolute security. No information has ever been 100% secure going all the way back to the clay tablet days of well over 6,000 years ago.
It is a matter of “how secure”. Apple’s products are typically much more secure than most, even though they have never been 100% secure. But, raising the alarm that all of everyone’s data will be stolen is pure paranoia and alarmist.
Think back to the days about 20+ years ago when the Windows nuts were claiming that Apple’s products had “security through obscurity”. The concept was that Apple’s products were so rare that no one bothered to go through the effort to hack them. The reality was quite different. In the first 10,000 use hours of Window 7 beta there was a known virus attack on Windows 7 in the wild. At the same time with several millions of hours of use there was no known virus in the wild attacking Mac OSX systems.
It all comes down to how easy or hard it is to do the attack. Most Apple systems are relatively resilient against attacks. Are they 100% bullet proof? No, and as I said above, nothing is.
Should Apple be faster at patching against such things? Yes. However, you may have noticed, that Apple recently instituted a new way to field such patches. Hopefully, that will make Apple’s systems even more robust.
So this pertains to people who have not updated to iOS 26 or people who have an iPhone Xs, which can support iOS 18 variants but not iOS 26. So either people to lazy (or to dumb) to update or have a 6 1/2 year old phone and can’t update.
In a fairly short time, the the World will buzz with millions of AI Agent swarms and locking down almost anything on the web will be more than a challenge, or near impossible.
I’m going to live in a van down by the river…for an analogue renaissance.
Is there a link to one of these sites? I would like to test my iPhone. Thanks much, I will listen to the radio for the response.