**
A recent security analysis has unveiled the existence of a potent spyware, known as Darksword, which poses a significant threat to potentially hundreds of millions of Apple iPhones. Researchers from Lookout, iVerify, and Google discovered this malicious software embedded in numerous Ukrainian websites, marking the second instance this month of sophisticated spyware targeting Apple devices. This alarming trend highlights the growing market for advanced cyber threats that can compromise sensitive data, including cryptocurrency wallet information.
New Threats Emerge
The emergence of Darksword comes on the heels of another spyware alert regarding a different iPhone exploit, named Coruna, which was reported earlier in March. Both types of malware indicate a troubling trend in the development and deployment of hacking tools that are no longer confined to state-sponsored entities but are now accessible to criminal organisations with financial motivations.
“There’s now a verified pipeline of recent exploits… that have ended up in the hands of potentially criminal entities with a financial focus,” noted Justin Albrecht, principal researcher at Lookout. This statement underscores the alarming reality that sophisticated tools are proliferating within the cyber underworld, making them increasingly available to a wider range of malicious actors.
Scope of the Threat
Google’s research indicates that various commercial vendors and suspected state-affiliated hackers have employed Darksword in targeted campaigns across multiple countries, including Saudi Arabia, Turkey, Malaysia, and Ukraine. The Turkish commercial surveillance company PARS Defense has been implicated in some of these operations, although they have yet to respond to inquiries regarding their involvement.
The spyware reportedly affects iPhones running iOS versions 18.4 to 18.6.2, which were released between March and August 2025. Researchers estimate that between 220 million and 270 million iPhones remain vulnerable, as many users neglect to install critical software updates that address these vulnerabilities. Apple, for its part, has rolled out numerous patches to fix the underlying issues, but the reluctance of users to keep their devices updated poses a significant risk.
Apple’s Response
In light of these revelations, Apple has urged its users to promptly update their software to mitigate security risks. An Apple spokesperson stated that these exploits target “out-of-date software” and reassured users that the vulnerabilities have been addressed in multiple updates over the years.
“Keeping software up to date remains the single most important thing users can do to maintain the high security of their Apple devices,” the spokesperson added. Moreover, Apple has implemented measures to block malicious domains identified by Google, preventing further exploitation via its Safari browser.
A Disturbing Trend in Cybersecurity
The simultaneous discovery of two powerful iOS exploits this month points to a burgeoning ecosystem for malware that was once predominantly used for state-sponsored espionage. Rocky Cole, co-founder and COO of iVerify, remarked that the operational security surrounding these tools appears to be lacking, suggesting a casual attitude towards their exposure.
“The fact that they don’t care if it gets burned, and that they’re using them in mass attacks with poor operational security, that says a lot about how much they value these tools,” Cole stated. This revelation raises concerns about the potential for these exploits to evolve and become even more prevalent in the cyber landscape.
Why it Matters
The rise of Darksword and similar spyware highlights a pressing need for vigilance in digital security. As sophisticated malware becomes increasingly accessible to a wider array of actors, the stakes for personal and financial data security are higher than ever. Users must remain proactive in updating their devices and understanding the risks posed by lax security practices. This incident serves as a critical reminder of the ongoing battle between cybersecurity and the ever-evolving tactics of malicious entities. As the digital landscape grows, so too must our commitment to safeguarding our information.
