Google and cybersecurity companies Lookout and iVerify have detailed a new hacking technique that potentially puts a significant portion of iPhone users in danger, just by visiting the wrong web page. The hack is called “DarkSword” and since it specifically targets several different versions of iOS 18, it could affect “close to a quarter of iPhones,” Wired writes.
DarkSword is a “fileless” hack that leverages a collection of exploits to access sensitive data when an iPhone visits an infected website. Rather than install spyware that hangs around on a user’s phone after messages and other private information are stolen, fileless hacks like DarkSword take control of “the legitimate processes in an iPhone’s operating system to steal data,” according to Wired. Even more troubling, DarkSword deletes any evidence it was running on an iPhone after it finishes stealing your information.
The hack starts as soon as an iOS device encounters an “malicious iframe embedded in a web page,” after which it works its way through your iPhone, gathering sensitive information like passwords before deleting itself. DarkSword can abscond with things like messages and iCloud content, but it’s also specifically designed to access crypto currency wallets, Lookout says, which could indicate who was using DarkSword before it became widely available.
DarkSword has reportedly been used in Ukraine, Saudi Arabia, Malaysia, Turkey and Russia, and its origins could be tied to a different hacking toolkit called Coruna that TechCrunch reports may have been created for the US government by a company called Trenchant. Regardless of where DarkSword came from, the tool didn’t become widely available until its Russian users left DarkSword’s source code on a website for anyone to access, “complete with explanatory comments in English that describe each component and include the ‘DarkSword’ name for the tool,” Wired writes.
Apple patched the exploits that DarkSword and Coruna used in recent updates to iOS 26, the yearly software release from 2025 that followed iOS 18. The problem is that not everyone is using Apple’s latest update. DarkSword targets iOS 18 releases between iOS 18.4 and iOS 18.6.2, and according to Apple’s latest iOS usage stats for developers, around 24 percent of iOS devices are still on iOS 18. Without more detail, it’s hard to know how many people that leaves exposed, but as a rule of thumb, if your iOS device can update to a newer software release, you should do so as soon as possible to stay secure.
