If the last month or so is any indication, we seem to have entered what might be described as a golden age for cybercriminals targeting weaknesses in Apple’s mobile devices. Despite the tech giant’s constant efforts to ward off any vulnerabilities in its iOS mobile operating system—because only vaguely legal government and corporate surveillance can be tolerated—tech observers have still been spooked by the unveiling of several software exploits and pieces of malware/spyware that could potentially be used to steal sensitive data and digital currency from not just millions but hundreds of millions of existing iPhones. And oh, that’s in addition to another piece of spyware that can apparently turn off the orange or green colored dot on your iPhone that is designed to let you know when you’re being recorded. So yeah, it’s great news for privacy and digital security all around.
This week, researchers at the cybersecurity firms Lookout and iVerify, along with Google, published an analysis describing several new forms of malware found populating Ukrainian websites, implying the probable presence of Russian hackers. Because these types of things apparently require colorful nomenclature, they dubbed one spyware program “Darksword,” and another “Coruna.” Both are capable of infecting an iPhone running iOS versions 18.4 to 18.6.2, merely because a person visited one of dozens of websites that were compromised. These programs are likewise capable of stealing data and searching for entry into valuable digital monetary assets such as cryptocurrency wallets.
“There’s now a verified pipeline of recent exploits … that have ended up in the hands of potentially criminal entities with a financial focus,” said Lookout researcher Justin Albrecht to Reuters.
Those versions of iOS were released by Apple between March and August of 2025, which means they’ve technically been replaced at this point by newer operating system updates, but that’s ultimately little comfort given that many users simply don’t install iPhone updates or even realize that those security updates exist. To that point, Lookout and iVerify estimated that there are 220 million to 270 million iPhones out there still running the iOS versions that are vulnerable to attack by these types of spyware. Apple said that it has since released several fixes for the underlying bug that attackers used to gain entry via Darksword, but it can’t do much of anything to protect a phone that is still running older iOS versions.
Moreover, the research firms noted that they discovered the vulnerabilities in these older operating systems due to “sloppy security mistakes not common in state-linked iPhone hacking,” despite the presence of this more sophisticated spyware suggesting that tools previously seen only in state-level intelligence were now becoming more accessible to a more common class of criminal. Troublingly, this would seem to suggest that the criminals involved here were not terribly concerned about this particular spyware being discovered … which could suggest that they have many other alternatives ready to deploy once these are neutralized. The potential implication is that these hackers see iOS as more vulnerable than it’s ever been in the past.
To that point: Less than a month ago, another cybersecurity firm called Jamf discovered that an entirely different form of new iPhone spyware was capable of suppressing the iOS camera and microphone recording indicators. These are known to users as the orange dot or green dot that appears to visually indicate that an app is accessing the camera or microphone for recording purposes. Researchers, however, found that Intellexa’s Predator spyware could find a way to “intercept sensor activity used by the indicator system before it reaches the UI layer,” preventing the green or orange dots from displaying. Or in layman’s terms, it suggested that hackers using similar spyware could use it to activate your camera or microphone at any time, without your iPhone giving you any indication that the camera or microphone was in use.
It’s difficult to say what rank-and-file consumer tech users can be expected to do about any of this, beyond embracing suspicion and paranoia about their devices, and acting as if we are always being surveilled—an attitude that sadly proves relevant nearly every day of our lives as we step out into public. At the very least, iPhone owners should regularly keep track of whether there have been any security updates for their devices, and download the latest ones when they’re available.
Will that save any of us, at the end of the day? It’s enough to make one pine for the five-pound, first-generation cordless monstrosities we once called mobile phones. At least those bricks weren’t a gateway to steal the contents of your nonexistent Bitcoin wallet.
