A newly discovered piece of malware is putting hundreds of millions of iPhones at risk, according to researchers from Google’s Threat Intelligence Group (GTIG). The spyware, named “Darksword,” was analyzed in collaboration with security firms Lookout and iVerify. Investigators found that the malware spreads through Apple’s Safari browser — and a single tap on a malicious link is enough to infect a device.
Hundreds of Millions of Devices Affected
Cybersecurity experts warn that all iPhones running iOS versions 18.4 through 18.7 are vulnerable. According to reporting from Wired, these versions are installed on hundreds of millions of devices worldwide, making the potential impact enormous.
A Fast and Stealthy Attacker
What sets Darksword apart from typical mobile malware is its speed and stealth. Instead of lingering on a device, the spyware rapidly extracts data and then deletes itself, leaving behind minimal traces. This makes detection and forensic analysis significantly more difficult.
Researchers say the malware targets a wide range of sensitive information, including:
- Messages from various apps
- Emails
- Saved passwords
- Photos and contacts
- Calendar entries
- Health and location data
- Login credentials for cryptocurrency wallets
Used by Multiple Hacker Groups
Darksword is not tied to a single threat actor. Since November 2025, several cybercriminal groups have reportedly deployed the malware in attacks. Targets have included individuals and organizations in Ukraine, Saudi Arabia, Turkey, and Malaysia, suggesting a broad and diverse set of motives.
Apple Issues Security Fixes
According to the researchers, Apple has already patched the underlying vulnerability. Devices running iOS 18.7.3 or later are no longer at risk. Users can check their current software version by navigating to:
Settings → General → Software Update
From there, they can download the latest available update.
Older Devices Left Behind
Owners of older iPhone models — such as the iPhone X, 8, or 7 — face a more difficult situation. These devices cannot install the required update and therefore remain exposed to the vulnerability.
Security experts recommend enabling Lockdown Mode, a high-security setting designed to reduce the attack surface on vulnerable devices. It can be activated under:
Settings → Privacy & Security → Lockdown Mode
While Lockdown Mode restricts certain features, it provides meaningful protection against sophisticated attacks like Darksword.
- Hector Pascus with reference from heute.at
