DarkSword, the web-based hacker tool that can be used to steal data from millions of iPhones, has just been published on GitHub for public use. Cybersecurity experts say Russian hacking groups are actively using DarkSword “to fully compromise devices.”
Now that the exploit is public, any would-be cybercriminal can copy and paste the DarkSword code, take a few minutes to set it up on their web host, and deploy the spyware.
Last week, reports about the new hacker tool called DarkSword sparked so much concern in the security world that Apple was forced to issue a quick response explaining how the company is addressing the threat. The reports came from Google’s Threat Intelligence Group and two cybersecurity firms, iVerify and Lookout.
What is DarkSword?
DarkSword is an exploit that lets hackers steal data from vulnerable iPhones running outdated versions of iOS.
DarkSword has concerned cybersecurity professionals because it doesn’t require that the hacker’s target download any malware or corrupted files. Hackers can simply download the DarkSword HTML and JavaScript and upload them to a compromised website. If a user with an old version of iOS visits the compromised site, their device is exposed to the exploit. The hacker can then steal data such as passcodes, emails, private messages, and more from the victim’s iPhone.
As Lookout reported last week:
In a tangible example of how attacks are evolving, Lookout Threat Labs has discovered DarkSword, a full iOS exploit chain and payload for iPhones running iOS versions between iOS 18.4 and 18.6.2…DarkSword aims to extract an extensive set of personal information including credentials from the device and specifically targets a plethora of crypto wallet apps, hinting at a financially motivated threat actor. Notably, DarkSword appears to take a ‘hit-and-run’ approach by collecting and exfiltrating the targeted data from the device within seconds or at most minutes followed by cleanup.
Google cybersecurity researchers reported that the notorious hacker group UNC6353, which is suspected to have ties with the Russian government, previously deployed DarkSword on compromised Ukrainian government agency sites to target iPhone users within Ukraine.
iVerify told TechCrunch that the DarkSword exploit that’s now in the wild is slightly different but “shared the same infrastructure.” According to iVerify, no iOS experience is needed to run the exploit and it will work “out of the box.”
As TechCrunch also reported, another X user shared that they were able to hack their iPad mini 6th gen running iOS 18.6.2 with the DarkSword exploit that was just released in the wild.
Apple previously reported on its developer website that nearly 25 percent of all iPhones are still running iOS 18, meaning hundreds of millions of iOS devices are susceptible to this exploit. The current version of iOS is iOS 26.3.1.
How to protect your Apple devices from DarkSword
Google’s Threat Intelligence Group urged iOS users to update their devices to the newest version of iOS, and if that’s not possible, to activate the iPhone’s Lockdown Mode.
Apple also said that it pushed out a critical security update on March 11 for older iOS devices that can’t install the more up-to-date iOS in order to protect these devices from DarkSword. Users with devices running iOS 13 or iOS 14 need to update to iOS 15 to receive these critical protections.


