DarkSword hacking tool hacks iPhone by simply visiting website
24.03.26
Google and two cybersecurity companies have warned iPhone users about a new vulnerability that allows attackers to steal data only when visiting a website from an iOS device.
New attack tool: DarkSword
This is a set of tools called DarkSword, which, according to Google Threat Intelligence Group, as well as Lookout and iVerify, is already being used in attacks around the world. The exploit uses several vulnerabilities in iOS at once – versions of the system from 18.4 to 18.7 are at risk. According to Apple, about a quarter of all iPhones continue to run on various versions of iOS 18.
This means that potentially hundreds of millions of devices could be vulnerable to attacks using DarkSword. The main feature of the tool is that it does not need to be installed on the device. The user just needs to open the infected website. After that, data collection begins, including personal and financial information.
How the attack works and what is stolen
Unlike classic spyware, DarkSword is not designed for long-term surveillance. As Lookout researchers note, after completing data collection, the tool deletes all created files and stops working. The entire process can take a few minutes.
During this time, attackers can gain access to a wide range of information: call logs, contacts, calendars, notes, photos, screenshots, movement history and browser. Account data, iCloud content, Wi-Fi passwords, SIM card information and “Find iPhone” settings are also at risk.
In addition, the attack affects correspondence and data from popular services: iMessage, email, WhatsApp and Telegram. In some cases, even keys to crypto wallets can be stolen. After the device is rebooted, traces of the presence of malicious code practically disappear, which makes it difficult to detect the attack.
Geography of attacks and schemes
The researchers provide examples of specific incidents. One of the early cases was recorded in November: users from Saudi Arabia went to the Snapshare website, designed as a Snapchat service. After that, they were redirected to this site, and the infection occurred unnoticed.
To do this, the attackers hacked news resources and government websites. The analysts also link this group to another tool, Coruna, discovered earlier this year. It targeted devices running older versions of iOS, from 13 to 17. The experts pay special attention to the behavior of the attackers: the DarkSword code is not hidden and remains accessible, which makes it easy for other attackers to reuse it. This may indicate confidence in the ability to quickly create new similar tools even after closing the current vulnerabilities.
Don't miss interesting news
Subscribe to our channels and read announcements of high-tech news, tes
Oppo A6 Pro smartphone review: ambitious
0 
Creating new mid-range smartphones is no easy task. Manufacturers have to balance performance, camera capabilities, displays, and the overall cost impact of each component. How the new Oppo A6 Pro balances these factors is discussed in our review.
One UI 8.5 Gives Older Samsung Phones a New Lease on Life — Here’s What the Update Brings
0 
One UI 8.5 brings features once exclusive to Samsung’s newest flagships to older Galaxy devices. But can the update really make the Galaxy S22, S23 and S24 feel closer to the Galaxy S26 experience? Here’s what actually changes after installing the new firmware.
The new Peugeot E-208 GTi debuts at Le Mans: 280 hp, sports chassis and electric traction
The French automaker is preparing the production version of the Peugeot E-208 GTi – the first fully electric car in GTi history.
Apple updates support for Apple Watch: watchOS 27 will deprive some models of new functions
Apple has reviewed the list of devices compatible with the upcoming version of the operating system for smart watches – watchOS 27.