Urgent iPhone Security Alert: 'DarkSword' Malware Threatens Millions
Cybersecurity experts have issued an urgent warning about a newly uncovered exploit that could put hundreds of millions of iPhones at severe risk. The Google Threat Intelligence Group has identified the malware, known as 'DarkSword,' which enables hackers to break into devices and extract vast amounts of personal information. This sophisticated attack chains together six separate flaws in iOS and Safari, allowing attackers to quietly install malware on targeted devices without any user interaction required.
How the DarkSword Exploit Operates
The exploit specifically affects iPhones running iOS versions 18.4 through 18.7. It can be triggered simply by visiting a malicious or compromised website, requiring no further action from the user. Researchers from cyber firms Lookout, iVerify, and Google have published coordinated analyses, finding that DarkSword takes advantage of several hidden weaknesses in iPhones and the Safari browser. In some cases, attackers have created fake websites or apps, such as a lookalike version of Snapchat, while in others they have hacked legitimate websites, including government sites.
Real-World Attacks and Global Impact
Multiple groups are already deploying DarkSword in real-world attacks, including commercial spyware firms and state-backed actors. Activity has been observed in countries such as Saudi Arabia, Turkey, Malaysia, and Ukraine. Once a phone is infected, hackers can install different types of spyware depending on their goal. One version, called 'Ghostblade,' is designed to steal huge amounts of personal information, including text messages, call history, contacts, photos, emails, passwords, location data, browsing history, and even files stored in iCloud. It can also access messages from apps like WhatsApp and Telegram, and it looks for cryptocurrency apps and wallets, potentially enabling theft of digital assets or sensitive financial data.
Apple's Response and User Recommendations
An Apple spokesperson stated that the exploits targeted 'out-of-date software,' and that the underlying vulnerabilities have been addressed across multiple updates over the last several years for users running the latest versions of their devices' operating systems. 'Keeping software up to date remains the single most important thing users can do to maintain the high security of their Apple devices,' the spokesperson emphasized. However, many people do not install iPhone updates, and estimates from iVerify and Lookout suggest that 220 million to 270 million iPhones still run exposed iOS versions, based on public figures.
Users who believe they may be targets of such attacks, particularly journalists, activists, or those handling sensitive information, are strongly advised to enable Apple's Lockdown Mode. This can be done by going to Settings, selecting Privacy & Security, tapping Lockdown Mode, and following the prompts to turn it on and restart their device. Unlike some spyware that stays hidden for long periods, DarkSword grabs the data it wants and then deletes itself, making it harder to detect, underscoring the critical importance of proactive security measures.
