DarkSword hacking tool hacks iPhone by simply visiting website

iphone table

Google and two cybersecurity companies have warned iPhone users about a new vulnerability that allows attackers to steal data only when visiting a website from an iOS device.

New attack tool: DarkSword

This is a set of tools called DarkSword, which, according to Google Threat Intelligence Group, as well as Lookout and iVerify, is already being used in attacks around the world. The exploit uses several vulnerabilities in iOS at once – versions of the system from 18.4 to 18.7 are at risk. According to Apple, about a quarter of all iPhones continue to run on various versions of iOS 18.

This means that potentially hundreds of millions of devices could be vulnerable to attacks using DarkSword. The main feature of the tool is that it does not need to be installed on the device. The user just needs to open the infected website. After that, data collection begins, including personal and financial information.

How the attack works and what is stolen

Unlike classic spyware, DarkSword is not designed for long-term surveillance. As Lookout researchers note, after completing data collection, the tool deletes all created files and stops working. The entire process can take a few minutes.

During this time, attackers can gain access to a wide range of information: call logs, contacts, calendars, notes, photos, screenshots, movement history and browser. Account data, iCloud content, Wi-Fi passwords, SIM card information and “Find iPhone” settings are also at risk.

In addition, the attack affects correspondence and data from popular services: iMessage, email, WhatsApp and Telegram. In some cases, even keys to crypto wallets can be stolen. After the device is rebooted, traces of the presence of malicious code practically disappear, which makes it difficult to detect the attack.

Geography of attacks and schemes

The researchers provide examples of specific incidents. One of the early cases was recorded in November: users from Saudi Arabia went to the Snapshare website, designed as a Snapchat service. After that, they were redirected to this site, and the infection occurred unnoticed.

To do this, the attackers hacked news resources and government websites. The analysts also link this group to another tool, Coruna, discovered earlier this year. It targeted devices running older versions of iOS, from 13 to 17. The experts pay special attention to the behavior of the attackers: the DarkSword code is not hidden and remains accessible, which makes it easy for other attackers to reuse it. This may indicate confidence in the ability to quickly create new similar tools even after closing the current vulnerabilities.


Don't miss interesting news

Subscribe to our channels and read announcements of high-tech news, tes

Leave a Reply

Your email address will not be published. Required fields are marked *





Articles & testsArticles

Oppo A6 Pro smartphone review: ambitious Oppo A6 Pro (CPH2799)

Creating new mid-range smartphones is no easy task. Manufacturers have to balance performance, camera capabilities, displays, and the overall cost impact of each component. How the new Oppo A6 Pro balances these factors is discussed in our review.


Logitech MX Keys S Combo wireless keyboard and mouse set review: tactile hi-end Logitech MX Keys S Combo

The Logitech MX Keys S Combo combines a top-of-the-line mouse, keyboard, and palm rest, providing good ergonomics, build quality, and extensive functionality when working with multiple devices


NewsNews
| 19.08
Qiming Q2 guide robot: a technological breakthrough in China

On June 30, the Chinese city of Mianyang began continuous testing of the Qiming Q2 guide robot, which is a digital alternative to guide dogs.

| 17.04
Xiaomi Redmi K90 Ultra – a new gaming flagship with Snapdragon 8 Elite
Xiaomi Redmi K90 Ultra

Xiaomi released a powerful gaming smartphone Redmi K90 Ultra, which received a top Snapdragon 8 Elite processor, a massive 8550 mAh battery and an advanced active cooling system.