A new web-based hacking tool known as DarkSword has recently been made publicly available on GitHub, raising significant concerns among cybersecurity experts. The tool is reportedly being utilized by Russian hacking groups to fully compromise vulnerable iPhones, particularly those running outdated versions of iOS. The exploit allows would-be cybercriminals to easily deploy the DarkSword code by copying and pasting it, which poses a serious threat as it requires no malware to be downloaded by the target, making it particularly insidious.
Following reports from Google’s Threat Intelligence Group and cybersecurity firms iVerify and Lookout, Apple issued a prompt statement addressing the potential risk. DarkSword enables hackers to steal sensitive data from devices running iOS versions 18.4 to 18.6.2. It has been noted that these attacks can occur virtually instantly. Hackers can upload the HTML and JavaScript code to compromised websites, making visiting such sites enough for users with outdated iOS versions to become victims. Data at risk includes passcodes, emails, and private messages, with a particular emphasis on crypto wallet apps, suggesting a financial motive behind the exploit.
Lookout Threat Labs highlighted the evolution of cyberattacks with the discovery of DarkSword, which requires no specialized knowledge to implement. This user-friendly nature of the tool could enable a wider range of cybercriminals to carry out attacks. The tool has already been linked to hacking attempts involving Ukrainian government agency sites, implicating the suspected hacker group UNC6353, which may have connections to the Russian state.
Reports from various sources indicate that approximately 25% of all iPhones are currently operating on iOS 18, meaning that hundreds of millions of devices are potentially at risk. This is particularly concerning as the latest version of iOS is 26.3.1, and many users have yet to upgrade.
To protect against the DarkSword threat, cybersecurity experts recommend that iOS users promptly update their devices to the latest version of iOS. For those unable to update, enabling Lockdown Mode on their iPhones may provide an additional layer of security. In a proactive measure, Apple has also rolled out critical security updates for older devices, specifically for those running iOS 13 or 14, allowing users to upgrade to iOS 15 to benefit from these protections.
