Hackers can gain acess to accounts, messages, crypto wallets, emails and more
Gardaí have warned iPhone users that their data may be at risk due to a new hacking toolkit that can be used to quietly gain access to important accounts.
The hacking kit, known as ‘DarkSword’, exploits vulnerabilities in older versions of Apple’s iOS software, the operating system that powers the iPhone and a range of other products. Unlike other hacks that may encrypt a phone’s data and demand a ransom to unlock it, the DarkSword malware operates quietly in the background, gathering data with the user none the wiser.
The software can gather a large amount of personal information from messages, emails, and other apps, and may also gain access to important accounts. Social media accounts on these devices are almost always permanently logged in, and the software can gather passwords for banking apps and other accounts that require individual logins each time.
Thankfully, users can protect themselves against DarkSword by updating their phones to the latest iOS version, as the kit exploits vulnerabilities in older versions. Gardaí say that the kit primarily affects Apple devices running iOS versions 18.4-18.7. You can check what version your phone is running in your settings app.
One of the most concerning elements of DarkSword is that it doesn’t require a user to click a link or interact with it directly to start running on their device. The kit can be embedded in compromised websites, waiting for a user to log in before quietly installing itself on the device and skimming the data.
The kit was first brought to Apple’s attention late last year, and last week, Google’s Threat Intelligence team released a blog post explaining how the hack works and which groups have been observed using it. Here in Ireland, Garadí have issued the following advice:
What you need to know:
- Devices are infected by compromised websites or infected links that inject malware and bypasses the standard protections on the phone.
- Users don’t receive any notification that the device has been compromised as the malware works silently in the background with no effect on the phone’s operation.
- The malware primarily targets Apple devices running iOS versions 18.4 – 18.7 and allows attackers to access content, messages, contacts and credentials stored on the phone.
What you can do to protect your device:
- Apple has released patches to account for the vulnerability and users are advised to update their devices to iOS 26.3.1 or 18.7.6 to fully protect their phones.
- Enabling lockdown mode in the device settings will give stronger protection, but this may limit some functionality.
For users whose iPhones are unable to run the latest iOS software, lockdown mode is a good option to beef up security, but it will affect how the phone can be used.
Under lockdown, an iPhone will not accept FaceTime calls from people you haven’t contacted in 30 days, certain web page features will be blocked, most message attachments will be unavailable, and your device will not join unsecured wifi networks – which are popular vectors for hacks.
A Garda spokesperson advised users who believe their devices have been compromised to contact cybersecurity professionals and make a report at their local Garda station.
