**
A recent cyber threat has emerged that could potentially endanger the personal data of hundreds of millions of iPhone users globally. Researchers have identified a sophisticated spyware known as Darksword, which has been found on numerous Ukrainian websites, raising alarms about the security of Apple devices. This revelation comes on the heels of another spyware discovery earlier this month, signalling a concerning trend in the proliferation of advanced malware targeting mobile users.
Darksword Spyware: A New Threat Landscape
The Darksword spyware has been flagged by security experts from Lookout, iVerify, and Google, who conducted a detailed analysis of its capabilities. This spyware is particularly insidious, able to siphon off sensitive data, including cryptocurrency wallet information. The malware appears to be part of a growing arsenal of tools that cybercriminals are employing, highlighting a market that is evolving rapidly to exploit vulnerabilities in widely-used technology.
Interestingly, this discovery is not an isolated incident. On 3 March, Google and iVerify had already reported a separate piece of spyware dubbed “Coruna,” which also targets iPhones. Alarmingly, both Darksword and Coruna were found to reside on the same servers, indicating a potentially coordinated effort to compromise Apple devices.
A Global Security Concern
Research indicates that Darksword has been deployed through various campaigns targeting users in countries such as Saudi Arabia, Turkey, Malaysia, and Ukraine. Notably, some of these attacks are believed to be linked to Turkish commercial surveillance firm PARS Defense, although the company has yet to respond to inquiries regarding its involvement.
The spyware specifically targets iPhones running iOS versions 18.4 to 18.6.2, which were released between March and August 2025. However, the exact number of vulnerable devices remains uncertain. Estimates suggest that between 220 million and 270 million iPhones may still be operating on versions susceptible to this malware, primarily because many users neglect to install updates.
Apple’s Response and User Responsibilities
In light of these discoveries, Apple has urged its users to promptly update their devices to the latest software versions, as the vulnerabilities exploited by Darksword have been addressed in previous updates. An Apple spokesperson reinforced the importance of maintaining up-to-date software as a critical line of defence against such cyber threats. Additionally, Apple has implemented protective measures in its Safari web browser to block malicious domains associated with the Darksword exploits.
Yet, despite these efforts, the findings underscore a troubling trend: many users remain complacent about software updates, leaving their devices exposed. The alarming ease with which cybercriminals are deploying such sophisticated tools indicates a well-established ecosystem for malicious software, previously thought to be the domain of state-sponsored operations.
The Bigger Picture: Implications for Cybersecurity
The emergence of Darksword and similar spyware highlights the urgent need for heightened cybersecurity awareness among users and organisations alike. As cyber threats become increasingly sophisticated, the distinction between state-sponsored and commercially motivated attacks is blurring. The apparent lack of discretion in deploying these tools by cybercriminals signals a shift in the threat landscape, where even ordinary users could find themselves at risk.
Why it Matters
The Darksword spyware incident serves as a stark reminder that cybersecurity is not just a concern for tech-savvy individuals or organisations but for everyone. With millions of iPhones potentially at risk, this situation underscores the critical importance of regular software updates and user vigilance in safeguarding personal data. As malicious actors refine their tactics, it becomes imperative for both individuals and corporate entities to foster a culture of proactive cybersecurity practices to mitigate the risks of such pervasive threats.
