New Hacking Tool Threatens Millions of iPhones and iPads


The DarkSword spyware tool allows attackers to instantly gain access to personal data on the device, while leaving minimal traces after a system restart. Devices running on the iOS 18 operating system are under particular threat.

Security experts learned about the existence of DarkSword back in mid-2025. Initially, its use was associated with targeted attacks, including against Ukrainian users.

According to the research, DarkSword was used in targeted attacks against users in Ukraine, Saudi Arabia, Malaysia, and Turkey. For example, in Saudi Arabia, attackers used a fake website that looked almost identical to the popular Snapchat service. In Ukraine, at least two web resources were compromised, including a government website.

It is reported that in recent months this tool has evolved significantly: its new versions could compromise an increasing variety of iOS builds. A key turning point occurred after DarkSword’s source code became publicly available, specifically on the GitHub platform. Moreover, the entry barrier for working with this tool is minimal: it primarily consists of HTML and JavaScript files, which are simply copied and placed on a server to start conducting attacks.

DarkSword uses a full exploit chain, which allows gaining virtually full access to the victim’s device. Infection usually occurs via the internet: the user simply needs to open a specially prepared page.

It can masquerade as a regular website or be styled as a link in a message. After such a page loads, malicious code automatically exploits system vulnerabilities and launches an attack — without the need to install anything extra or confirm actions.

This is why such attacks are called "zero-click", or described as occurring almost without user interaction: a single navigation to a malicious link is enough for a hack.

After infection, the tool acts extremely quickly and remains almost undetectable. Within minutes, it collects and transmits various data to the attackers’ server: contact list, messages, call history, as well as the contents of the system Keychain storage, where passwords are kept — including for Wi-Fi networks and various internet services.

Separately, experts note the tool’s interest in cryptocurrency wallet data, which directly indicates the financial motivation behind many attacks.

Unlike classic spyware, DarkSword does not remain in the system for a long time. It uses a "hit and run" tactic: after successfully collecting information, the program deletes its traces and terminates operation. This significantly complicates the detection of an attack and makes it particularly dangerous for the average user.

Devices with iOS versions from 18.4 to 18.7 currently remain the most vulnerable. According to preliminary estimates, about a quarter of iPhone owners still use them — this could amount to up to 270 million devices worldwide. iPad tablets with the same operating system versions are also at risk.

At the same time, the new iOS 26 version (which was previously known in development as iOS 19) already closes these vulnerabilities and is considered completely secure.

How to protect your iPhone?

In such a situation, the user’s actions play a decisive role. First of all, you need to check which system version is installed on your device. This is done through the menu: Settings → General → Software Update. If the system offers to install iOS 26, you should download it as soon as possible: this is the most reliable way to protect against hacking.

If your iPhone supports the new system version (these are models from iPhone 11 and newer, including iPhone SE second generation and later releases), the update completely fixes the security flaw and requires no additional measures.

If you have an older iPhone that no longer supports installing the new iOS 26 version (usually models released before 2019), this does not mean you are left without protection. On March 11, Apple released special separate security updates for such devices.

To get such an update, you need to go to the same system update settings — and if a patch is available, it will appear in the list. It is installed just like a regular update.

If for some reason you don’t have the option or desire to update your device, you can enable additional protection: Lockdown Mode. It is located in the section: Settings → Privacy & Security → Lockdown Mode → Turn On Lockdown Mode.

This mode takes effect after a system restart and limits some functions (for example, loading complex content in the browser or processing files from unknown senders), but it significantly reduces the risk of a successful compromise of your device.


