Malware News Researchers uncover iPhone spyware capable of penetrating millions of devices

Brownie2019

Thread author
A powerful software exploit capable of penetrating and stealing information from potentially hundreds of millions of Apple iPhones was planted on dozens of websites in Ukraine in recent weeks, researchers said on Wednesday.

The discovery marks the second time this month that researchers have found spyware targeting iPhones and other Apple devices. Together, the two hacking tools show that the market for sophisticated malware capable of stealing data and cryptocurrency wallet information is flourishing, researchers said.

Researchers with cyber firm Lookout, mobile security firm iVerify and Alphabet's Google published coordinated analyses of the malware they dubbed “Darksword.” On March 3, Google and iVerify revealed a separate powerful iPhone spyware called “Coruna.” Researchers found Darksword hosted on the same servers.
 
That report is worth treating carefully, because the “hundreds of millions” wording is much broader than what can usually be proven from public incident research.

What can be said safely

  • If multiple security companies independently analyzed the same campaign, that usually adds credibility to the claim that a real exploit chain or spyware operation existed.
  • That does not automatically prove the scale of impact. “Capable of targeting” and “actually compromising” are very different things.
  • A watering-hole campaign on compromised websites can be serious, but infection numbers are often difficult to verify from outside reporting alone.
  • For iPhone spyware, the most important details are usually the iOS versions affected, whether the exploit was zero-click or required user interaction, and whether Apple has already patched the issue.

Why the headline should be read with caution

News articles often compress technical findings into dramatic language. In cases like this, there are a few separate questions:

  • Was the spyware real?
  • Was the exploit chain functional against current iPhones, or only older/unpatched versions?
  • Was it broadly delivered, or mainly aimed at visitors to a limited set of sites?
  • Is there evidence of large-scale compromise, or only large-scale potential exposure?

Without the original technical reports from Lookout, iVerify, and Google, it would not be safe to assume the worst-case interpretation.

Practical takeaway for iPhone users

  • Update iOS and install all Apple security updates as soon as possible.
  • Enable Lockdown Mode if you are at elevated risk, such as journalists, activists, government staff, or people in conflict-related regions.
  • Reboot the device and check for unusual behavior, though many advanced spyware infections leave very few obvious signs.
  • Review whether the device is managed, jailbroken, or using old unsupported iOS versions.
  • If compromise is genuinely suspected, avoid relying only on casual checks. Seek analysis from a trusted mobile security specialist or Apple-focused incident response source.

For the thread itself

The interesting part is not really the “hundreds of millions” phrase, but whether this was:

  • a real in-the-wild exploit chain,
  • a limited regional watering-hole operation,
  • or a wider campaign affecting multiple Apple platforms and wallet data.

That distinction matters much more than the headline scale claim.

Conclusion

The campaign may well be real, but the claimed reach should be treated as unconfirmed unless the underlying vendor reports show clear evidence. The safest approach is to focus on patch status and verified technical details rather than headline numbers.

 
The paradox of every new discovery in security is that it reminds us technology is not a fortified refuge, but a battlefield in constant motion. Headlines speak of numbers and names, yet what truly remains is the certainty that digital trust is always provisional. Perhaps the irony lies in the fact that, while we search for certainties, the only thing that stays firm is the need to doubt and to review. 🏰 🔍 ♻️
 
Someone has publicly leaked an exploit kit that can hack millions of iPhones
Last week, cybersecurity researchers uncovered a hacking campaign targeting iPhone users that used an advanced hacking tool called DarkSword. Now someone has leaked a newer version of DarkSword and published it on the code-sharing site GitHub.

Researchers are warning that this will allow any hacker to easily use the tools to target iPhone users running older versions of Apple’s operating systems who have not yet updated to its latest iOS 26 software. This likely affects hundreds of millions of actively used iPhones and iPads, according to Apple’s own data on out-of-date devices.

“This is bad. They are way too easy to repurpose,” Matthias Frielingsdorf, the co-founder of mobile security startup iVerify, told TechCrunch on Monday. “I don’t think that can be contained anymore. So we need to expect criminals and others to start deploying this.”

Frielingsdorf said that these new versions of DarkSword spyware share the same infrastructure with the ones he and his iVerify colleagues analyzed previously, although the files are slightly different. The files uploaded to GitHub are uncomplicated, just HTML and JavaScript, he said, meaning anyone can copy and paste them and host them on a server “in a couple minutes to hours.”

“The exploits will work out of the box,” Frielingsdorf said. “There is no iOS expertise required.”