**
A potent spyware known as Darksword has been identified as a significant risk to potentially hundreds of millions of Apple iPhones, according to recent findings from cyber security experts. This malicious software has been discovered on various websites in Ukraine, underscoring a growing trend of sophisticated malware targeting the iOS platform. Researchers believe this development represents a troubling escalation in the market for tools designed to pilfer sensitive information, including personal data and cryptocurrency wallet credentials.
A Surge in Cyber Threats
In a coordinated investigation, analysts from Lookout, iVerify, and Google have unveiled the alarming capabilities of Darksword, which comes on the heels of another spyware discovery named Coruna earlier this month. Together, these revelations depict a thriving ecosystem for advanced malware that has transcended its traditional realm of state-sponsored espionage, raising concerns about the potential for widespread exploitation.
Justin Albrecht, principal researcher at Lookout, emphasised the seriousness of the situation. “There’s now a verified pipeline of recent exploits… that have ended up in the hands of potentially criminal entities with a financial focus,” he stated. This highlights not only the sophistication of the malware but also the alarming ease with which it can be disseminated.
The Scope of the Threat
Google’s analysis indicates that Darksword has been deployed in targeted campaigns across various regions, including Saudi Arabia, Turkey, Malaysia, and Ukraine, often linked to commercial vendors and suspected state-affiliated hackers. Notably, operations in Malaysia and Turkey have been associated with PARS Defense, a Turkish surveillance firm, although the company has yet to respond to requests for comment.
The spyware specifically affects iPhones running iOS versions 18.4 to 18.6.2, which were released between March and August 2025. Unfortunately, many users neglect to install updates, leaving an estimated 220 to 270 million iPhones exposed to these vulnerabilities. Despite Apple’s efforts to patch these security flaws, a significant number of devices remain unprotected.
Apple’s Response to Vulnerabilities
In light of these findings, Apple has urged users to promptly update their devices’ software to safeguard against potential threats. An Apple spokesperson reassured users that the vulnerabilities exploited by Darksword have been addressed in previous updates. “Keeping software up to date remains the single most important thing users can do to maintain the high security of their Apple devices,” the spokesperson remarked.
Moreover, Apple has taken proactive steps to mitigate risks by blocking all malicious domains identified by Google through its Safe Browsing feature in the Safari browser, thereby reducing the likelihood of further exploitation.
Operational Security Concerns
The emergence of Darksword and Coruna as tools of mass cyber attacks suggests a shift in the operational security practices of those deploying such malware. Rocky Cole, co-founder and COO of iVerify, noted that the discovery of these vulnerabilities could point to a lack of care among attackers regarding their exposure. “The fact that they don’t care if it gets burned… says a lot about how much they value these tools,” Cole explained.
Such revelations indicate a growing accessibility of sophisticated cyber threats, posing a challenge not only to individual users but also to broader security infrastructures. Researchers believe that the loose operational security surrounding these exploits may ultimately lead to even greater vulnerabilities in the future.
Why it Matters
The implications of the Darksword spyware discovery extend beyond individual privacy concerns; they signal a potential shift in the landscape of cyber warfare and digital security. As sophisticated malware becomes more readily available, the risk of widespread data breaches escalates, threatening both personal and financial security for millions of users. This situation underscores the critical importance of regular software updates and robust security practices, as well as the need for heightened vigilance within the tech industry to combat the evolving threat landscape.
