Kyiv, Ukraine. Researchers said a powerful software exploit capable of penetrating iPhones and stealing information was planted on dozens of websites in Ukraine in recent weeks. The malware, dubbed “Darksword,” could affect potentially hundreds of millions of Apple iPhones, they said.
Coordinated analyses and links to earlier spyware
Researchers with cyber firm Lookout, mobile security firm iVerify and Alphabet’s Google published coordinated analyses of the malware they named “Darksword.” On March 3, Google and iVerify revealed a separate iPhone spyware called “Coruna,” and researchers found Darksword hosted on the same servers.
“There’s now a verified pipeline of recent exploits … that have ended up in the hands of potentially criminal entities with a financial focus,” said Justin Albrecht, principal researcher with Lookout.
Targeted iOS versions and exposure estimates
According to iVerify and Lookout, the malware was delivered to iPhone users running iOS versions 18.4 to 18.6.2 who visited one of the Ukrainian websites. Apple released those versions between March and August 2025.
Researchers said it was not clear how many iPhones are vulnerable to Darksword attacks. Apple has released multiple fixes for the underlying bugs used to make Darksword, but many people do not install iPhone updates, and an estimated 220 million to 270 million iPhones still run exposed iOS versions, according to iVerify and Lookout, based on public estimates. Google did not share its findings ahead of Wednesday’s report.
Apple did not respond to a request for comment.
Shift beyond state-linked hacking
The discovery of two distinct powerful iOS exploits this month suggests a robust ecosystem for tools that were previously limited primarily to state-level intelligence operations, said Rocky Cole, co-founder and COO of iVerify.
Researchers said they discovered the vulnerabilities because of security mistakes they described as not common in state-linked iPhone hacking.
“The fact that they don’t care if it gets burned, and that they’re using them in mass attacks with poor (operational security), that says a lot about how much they value these tools,” Cole said. “They’re not overly precious about them being exposed.”
What steps have you taken to keep your iPhone’s iOS version up to date?
