DarkSword iOS Exploit Kit: A "Smash-and-Grab" Threat Targeting Hundreds of Millions of iPhones
A new iPhone hacking technique, dubbed **DarkSword**, has been discovered in use on infected websites, posing a significant threat to users running older versions of **iOS**. This exploit kit, capable of silently stealing sensitive data, highlights the increasing accessibility and potential for widespread abuse of sophisticated mobile hacking tools.
Recent reports have unveiled a concerning trend: sophisticated iPhone hacking techniques, once considered rare and elusive, are now being deployed on a large scale through infected websites. One such technique, **DarkSword**, has the capability to compromise hundreds of millions of **iOS** devices, placing a substantial portion of the world's **iPhone** users at risk.
### Discovery and Impact
Researchers at **Google**, **iVerify**, and **Lookout** jointly revealed the discovery of **DarkSword**, a sophisticated iPhone hacking technique found on infected websites. This exploit kit can silently compromise **iOS** devices that visit these sites. While it doesn't affect the latest **iOS** versions, it targets devices running older versions, including **iOS 18**, which still accounts for a significant portion of **iPhone** users.
According to **iVerify** cofounder and CEO Rocky Cole, "A vast number of **iOS** users could have all of their personal data stolen simply for visiting a popular website." He emphasized that hundreds of millions of users with older **Apple** devices or operating systems remain vulnerable.
### Overlap with Coruna Toolkit
The discovery of **DarkSword** follows the recent exposure of another advanced hacking toolkit, **Coruna**, used by a Russian state-sponsored espionage group and other malicious actors. Although developed separately, **DarkSword** was found to be used by the same Russian spies, embedded in legitimate Ukrainian websites to harvest data from visitors' phones.
**Google** has also identified instances of **DarkSword** being used to compromise phones in Saudi Arabia, Turkey, and Malaysia. Notably, customers of the Turkish security firm **PARS Defense** appear to have utilized the intrusion tool in the Turkish and Malaysian attacks. This suggests that **DarkSword** has already spread to multiple hacking groups, with the potential for further proliferation.
### Ease of Use and Potential for Abuse
**iVerify** researcher Matthias Frielingsdorf pointed out that the Russian hackers inadvertently left the complete **DarkSword** code, including explanatory comments, accessible on compromised sites. This carelessness makes it exceedingly easy for other hackers to adopt the tool and target more **iPhone** users.
### Apple's Response
An **Apple** spokesperson stated that the company's security teams are working to protect users' devices and data. **Apple** has released security updates to mitigate the risks posed by both **Coruna** and **DarkSword**, including emergency updates for older devices that cannot run **iOS 26**. The spokesperson emphasized that keeping software up to date remains the most critical step users can take to maintain the security of their **Apple** devices. Enabling **iOS**'s **Lockdown Mode** also provides additional protection.
### Data Theft and Stealthy Techniques
According to **Lookout**, **DarkSword** is designed to steal a wide range of data from vulnerable **iPhones**, including passwords, photos, messages from various apps, browser history, and even data from **Apple**'s Health app. The tool also targets cryptocurrency wallet credentials, indicating a potential for financially motivated cybercrime.
Unlike traditional spyware, **DarkSword** employs "fileless" techniques, hijacking legitimate system processes to steal data. This approach leaves fewer traces and makes detection more challenging. The infection is temporary, lasting only until the phone reboots, in what **iVerify**'s Cole describes as a "smash-and-grab" approach.
### Vulnerability Window
While **Coruna** targets **iOS** versions 13 through 17, **DarkSword** primarily affects **iOS 18**, the version preceding **iOS 26**. This makes a larger number of phones vulnerable, particularly given the slower adoption of **iOS 26**, which has faced criticism for its user interface.
Both **Apple** and **StatCounter** indicate that a significant percentage of **iPhone** users are still running **iOS 18**. Users are advised to update their **iPhones** by navigating to **Settings**, then **General**, then **Software Update**. Security apps from **iVerify** and **Lookout** can also detect **DarkSword** infections.
### Origins Remain a Mystery
The creators of **DarkSword** remain unknown, but researchers believe it was likely developed by a "broker" firm that specializes in selling hacking techniques. The presence of English-language comments in the code and its association with **Coruna** suggest a potential link to such a firm.