New Delhi: Cybersecurity researchers have uncovered a highly sophisticated spyware known as Darksword malware, capable of infiltrating Apple iPhones and accessing sensitive user data. The discovery, made on Wednesday, raises serious concerns about the growing market for advanced cyber-attack tools targeting Apple devices.
The Darksword malware was identified by teams from Lookout, iVerify, and Google. Experts revealed that the malicious software had been deployed across dozens of compromised websites in Ukraine in recent weeks, potentially exposing millions of devices to cyber threats.
How Darksword Malware Infects iPhones
According to researchers, the Darksword malware spreads through hacked websites. iPhone users running older versions of Apple’s operating system—specifically iOS versions 18.4 to 18.6.2—could become infected simply by visiting these sites.
These vulnerable iOS versions, released between March and August 2025, are still widely used. Estimates suggest that between 220 million and 270 million iPhones may remain exposed to the Darksword malware, as many users have not yet updated their devices.
Apple has confirmed that the vulnerabilities exploited by Darksword malware have been patched in newer software updates, urging users to keep their devices up to date to avoid security risks.
Global Spread and Multiple Campaigns
Researchers observed multiple cyber groups deploying Darksword malware in targeted campaigns across countries including Saudi Arabia, Turkey, Malaysia, and Ukraine. Some activity has been linked to PARS Defense, although the firm has not responded to allegations.
Also read : WhatsApp Call Noise Cancellation to Arrive on Android for Clearer Voice and Video Calls
Notably, experts found that the infrastructure used to host Darksword malware overlaps with servers linked to an earlier spyware strain called “Coruna,” suggesting a coordinated or shared ecosystem for cybercrime tools.
Rising Market for Advanced Spyware
The emergence of Darksword malware marks the second major iPhone-targeting threat discovered in just one month, highlighting a rapidly expanding market for advanced hacking tools. These tools are increasingly being used to steal personal data, financial information, and even cryptocurrency assets.
Cybersecurity experts warn that attackers are becoming less cautious about exposing their tools. “The use of exploits like Darksword malware in large-scale campaigns shows that these actors are prioritizing impact over secrecy,” said Justin Albrecht from Lookout.
Similarly, Rocky Cole noted that the repeated exposure of such tools indicates a shift in how cybercriminals operate, with less concern about their methods being discovered.
Apple Responds to the Threat
Apple stated that the attacks specifically targeted outdated software versions and reassured users that fixes have already been implemented in newer updates. The company also confirmed that malicious websites associated with Darksword malware have been blocked in Safari using its Safe Browsing feature.
“Keeping software up to date remains the single most important thing users can do to maintain the high security of their Apple devices,” an Apple spokesperson said.
What Users Should Do
With the threat of Darksword malware still lingering for unpatched devices, experts strongly advise users to immediately update their iPhones to the latest iOS version. Avoiding suspicious websites and maintaining updated security settings can significantly reduce the risk of infection.