DarkSword Spyware Exploit Targets Millions Of iPhones Without Installation

Cybersecurity researchers are raising alarms over DarkSword, a new spyware toolkit capable of compromising iPhone devices without requiring any software installation. Reports from Google Threat Intelligence Group and cybersecurity firms Lookout and iVerify detail how the exploit affects iOS devices running versions 18.4 through 18.7, putting millions of users at risk. According to Apple developer statistics, approximately 25 percent of iPhones remain on iOS 18, leaving a substantial portion of devices potentially vulnerable to this attack. Unlike typical spyware, DarkSword operates quickly, stealing data and removing traces of its presence within minutes, which makes detection and remediation challenging for affected users.

The attack method employed by DarkSword is notable for its simplicity. A user only needs to visit a compromised website for the spyware to initiate its attack, leveraging multiple vulnerabilities in iOS to gain access to sensitive device data. Once the exploit is executed, the spyware collects personal and financial information, including call logs, contacts, calendars, photos, screenshots, location history, browser data, iCloud content, SIM card details, Wi-Fi passwords, and device keychains. It can also capture data from messaging apps such as iMessage, WhatsApp, and Telegram, and from email accounts, along with cryptocurrency wallet credentials. After exfiltrating the information, DarkSword deletes its footprint from the device, leaving minimal evidence and effectively erasing itself once the operation is complete.

Lookout researchers emphasized that DarkSword is not designed for long-term surveillance. Its primary objective is rapid data exfiltration, after which the malware exits the system. The brief dwell time, combined with its self-cleaning capability, means that devices may appear unaffected even after sensitive information has been stolen. Restarting the infected device effectively removes traces of the spyware, making traditional detection methods less effective. Analysts warn that the ability of attackers to execute such operations without requiring installation increases the risk for millions of iPhone users, particularly those running older versions of iOS that have not received recent security updates.

Further concern arises from the accessibility of the DarkSword toolkit itself. Cybersecurity reports indicate that portions of the code have been left exposed online, allowing other malicious actors to replicate the attack. The lack of cleanup or obfuscation by the original threat actors suggests confidence that similar exploits can be deployed repeatedly. Experts advise iPhone users to ensure that devices are updated to the latest supported iOS versions and to exercise caution when visiting untrusted websites. Organizations managing fleets of iPhones are encouraged to deploy monitoring solutions and maintain strict security hygiene to reduce exposure to exploits like DarkSword, which combine ease of execution with highly targeted data theft techniques.
