‘Darksword’ spyware leaves millions of iPhones vulnerable

Published
A guest holds the new iPhone 14 at an Apple event at their headquarters in Cupertino, California. — Reuters/File
A guest holds the new iPhone 14 at an Apple event at their headquarters in Cupertino, California. — Reuters/File

MICHIGAN: A powerful software exploit capable of penetrating and stealing information from potentially hundreds of millions of Apple iPhones was planted on dozens of websites in Ukraine in recent weeks, researchers said on Wednesday.

The discovery marks the second time this month that researchers have fou­nd spy­­ware targeting iPhones and other Apple devices.

Together, the two hacking tools show that the market for sophisticated malware capable of stealing data and cryptocurrency wallet information is flourishing, researchers said.

Researchers with cyber firm Lookout, mobile security firm iVerify and Alphabet’s Google published coordinated analyses of the malware they dubbed Darksword.

On March 3, Google and iVerify revealed a separate powerful iPhone spyware called “Coruna”. Re­­searchers found Darks­word hosted on the same servers.

“There’s now a verified pipeline of recent exploits that have ended up in the hands of potentially criminal entities with a financial focus,” said Justin Albrecht, principal researcher with Lookout.

According to iVerify and Lookout, researchers discovered the malware being delivered to iPhone users running iOS versions 18.4 to 18.6.2 who visited one of dozens of Ukrainian websites. Apple released those versions between March and August 2025.

It’s not clear how many iPhones are vulnerable to Darksword attacks, the researchers said.

Apple has released multiple fixes for the underlying bugs attackers used to make Darksword.

Nevertheless, many people don’t install iPhone updates, and an estimated 220 million to 270m iPhones still run exposed iOS versions, according to iVerify and Lookout, which based the figures on public estimates. Apple did not respond to a request for comment. Researchers said they discovered the vulnerabilities because of sloppy security mistakes not common in state-linked iPhone hacking.

Published in Dawn, March 19th, 2026

Opinion

Editorial

Unfinished business
Updated 03 Jul, 2026

Unfinished business

THE landmark 18th Amendment and seventh NFC Award radically reshaped Pakistan’s fiscal federalism by transferring...
Abuse cycle
03 Jul, 2026

Abuse cycle

LULLED into a sense of false security by its own denial and apathy, Pakistan is a long way from achieving tangible...
Closing the gap
03 Jul, 2026

Closing the gap

THE numbers are encouraging, yet one cannot help but rue the opportunities still being lost. The GSMA’s Mobile...
‘Talks over hostility’
Updated 02 Jul, 2026

‘Talks over hostility’

THE recent appeal endorsed by civil society members from Pakistan and India, urging the prime ministers of both...
Lahore tragedy
02 Jul, 2026

Lahore tragedy

THE death of 14 children in the roof collapse of a private tuition centre in Lahore has plunged the entire country...
Data policy
02 Jul, 2026

Data policy

THE draft ‘Data Governance Policy’, released by the IT ministry recently, is a welcome step towards modernising...