A highly sophisticated hacking campaign, dubbed “DarkSword,” is exploiting vulnerabilities in iPhones to steal personal data from millions of users. The attacks bypass standard security measures, extracting text messages, emails, and location history within minutes before erasing all traces of the intrusion.
How the Hack Works
Researchers from Google, Lookout, and iVerify identified that DarkSword targets iPhones running iOS versions 18.4 through 18.6.2. Hackers leverage Apple’s Safari browser and the WebGPU graphics feature to penetrate the device’s defenses. This “hit-and-run” technique ensures rapid data exfiltration with minimal risk of detection.
Scale of the Threat
Approximately 14% of iPhone users – representing over 221 million devices – are currently running vulnerable iOS versions. The potential reach extends to 270 million devices if broader vulnerabilities exist in other iOS iterations. This makes DarkSword one of the most widespread mobile exploits in recent memory.
Shift in Cybercrime
According to Justin Albrecht, Lookout’s global director of mobile threat intelligence, this attack signifies a dangerous trend: “Advanced mobile malware has ceased to be a tool wielded solely by governments for espionage and is now in the hands of groups seeking financial gain.” The hack underscores the increasing commercialization of previously state-sponsored cyber weapons.
Attribution and Deployment
The campaign is attributed to UNC6353, a Russian-linked threat actor first identified by Google. Researchers have tracked the group deploying DarkSword in multiple countries, including Saudi Arabia, Turkey, Malaysia, and Ukraine. The attacks involve compromising legitimate websites with malicious scripts; when users visit these sites, malware is installed on their devices.
Apple’s Response
Apple has not yet issued a direct response to the current DarkSword campaign. However, the company stated to Reuters that device vulnerabilities have been addressed through multiple updates over several years.
The rapid evolution of mobile exploits like DarkSword demonstrates that cybersecurity is an ongoing arms race, with attackers constantly finding new ways to circumvent defenses. Users should stay vigilant, update their devices promptly, and avoid clicking on suspicious links.
