Researchers Warn DarkSword Exploit Could Hit Millions of iPhones

A newly discovered iPhone hacking technique known as DarkSword is raising alarm across the cybersecurity world, with researchers warning it could potentially compromise hundreds of millions of devices.

The exploit chain, uncovered by researchers at Google alongside security firms iVerify and Lookout, can silently take over vulnerable iPhones simply by visiting a malicious website — with no downloads or user interaction required. 

Unlike older, highly targeted iPhone attacks, DarkSword appears to have been deployed at scale, embedded in compromised websites and used in both espionage and cybercriminal campaigns. 

DarkSword is described as an “exploit chain,” meaning it combines multiple vulnerabilities in iOS to gain deep access to a device.

Researchers say it primarily targets devices running older versions of Apple’s operating system particularly iOS 18 builds that have not been updated, which still account for a significant share of active iPhones globally. 

Once triggered, the exploit can:

• Hijack system processes without installing traditional malware
• Extract sensitive data such as messages, passwords, and crypto wallet details
• Access personal information including health and app data
• Operate silently without alerting the user

Because the attack is fileless, it leaves little trace on the device and can disappear after a reboot, making detection significantly more difficult. 

Security experts say DarkSword represents a major shift in how sophisticated iPhone exploits are being used.

Historically, advanced iOS hacking tools were reserved for highly targeted surveillance, often deployed against journalists, activists, or government officials.

But DarkSword has been observed in campaigns affecting large numbers of users at once, marking a transition from selective espionage to broader, opportunistic attacks. 

Researchers also noted that the exploit toolkit was found publicly available online with documentation, raising concerns that it could be reused or adapted by a wide range of attackers.

The discovery of DarkSword follows closely behind another powerful iPhone exploit toolkit known as Coruna, which was previously linked to state-sponsored hacking groups and later surfaced in broader cybercriminal activity.

Experts say these developments point to a growing global market for high-end hacking tools, where capabilities once limited to nation-state actors are increasingly becoming accessible to private groups and criminal networks.

Some of the campaigns involving DarkSword have been linked to state-aligned actors and surveillance vendors, with activity observed across regions including Eastern Europe and parts of Asia. 

Apple has already released security updates to address the vulnerabilities exploited by DarkSword and has urged users to update their devices as soon as possible.

However, millions of users remain at risk due to delayed software updates or continued use of older devices.

Security experts emphasize that keeping devices updated remains one of the most effective defenses against such attacks, especially as exploit chains like DarkSword continue to evolve.

The emergence of DarkSword highlights a broader trend in cybersecurity: mobile devices are becoming prime targets for advanced attacks, as they store vast amounts of personal and financial data.

Researchers warn that the increasing availability of sophisticated exploit tools could lead to more widespread attacks, especially as cybercriminal groups gain access to techniques once reserved for elite intelligence operations.

For users, the takeaway is simple but critical update devices regularly, avoid suspicious links, and treat mobile security with the same seriousness as desktop cybersecurity.