Researchers from iVerify, Lookout, and Google revealed on Wednesday that a sophisticated spyware exploit known as Darksword was embedded on dozens of Ukrainian websites in recent weeks.
This powerful tool can silently penetrate and extract sensitive information from potentially hundreds of millions of iPhone models running vulnerable versions of iOS (specifically iOS 18.4 through 18.6.2, released between March and August 2025). Infection occurs simply by visiting one of the compromised sites, enabling attackers to steal personal data, message histories, photos, passwords, and even cryptocurrency wallet details.
The finding marks the second major discovery of advanced iPhone-targeting spyware this month, following the earlier exposure of the Coruna exploit kit. Both campaigns, often linked to suspected Russian state-sponsored actors targeting Ukraine, highlight a growing and thriving underground market for high-end malware capable of breaching Apple’s mobile ecosystem to harvest valuable data and crypto assets. Apple has since patched many related vulnerabilities in newer iOS updates, but millions of devices on older versions remain at risk.
Google said its researchers observed multiple commercial vendors and suspected state-linked hackers using Darksword in distinct campaigns against targets in Saudi Arabia, Turkey, Malaysia and Ukraine.
The campaigns in Malaysia and Turkey were associated with Turkish commercial surveillance vendor PARS Defense, Google said. PARS Defense did not respond to a request for comment.
According to iVerify and Lookout, researchers discovered the malware being delivered to iPhone users running iOS versions 18.4 to 18.6.2 who visited one of dozens of Ukrainian websites. Apple released those versions between March and August 2025.It’s not clear how many iPhones are vulnerable to Darksword attacks, the researchers said. Apple has released multiple fixes for the underlying bugs attackers used to make Darksword. Nevertheless, many people don’t install iPhone updates, and an estimated 220 million to 270 million iPhones still run exposed iOS versions, according to iVerify and Lookout, which based the figures on public estimates. Google did not share its findings ahead of Wednesday’s report.
MacDailyNews Take: Keep your devices updated to the latest operating system versions.
Please help support MacDailyNews — and enjoy subscriber-only articles, comments, chat, and more — by subscribing to our Substack: macdailynews.substack.com. Thank you!
Support MacDailyNews at no extra cost to you by using this link to shop at Amazon.
[Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]