
What is DarkSword? The latest malware that could hit iPhones above THIS version and how to stay protected from it
Smartphones are supposed to make life easier, but a new threat called DarkSword is reminding iPhone users that even simply visiting a website could turn into a nightmare!
A powerful iOS exploit kit, DarkSword, has been quietly targeting millions of unpatched iPhones by slipping through web pages, stealing sensitive data, and leaving almost no trace behind. Unlike obvious malware that requires you to tap an “Install” button, this attack can hit you just by loading a compromised website on a vulnerable device.
What is DarkSword, and how does it work?
DarkSword is a powerful exploit kit that uses six iOS vulnerabilities, including several zero‑days, to break into iPhones. According to Lookout, it mainly targets devices running iOS 18.4 through 18.7 and is built to escape the browser’s sandbox before gaining full kernel‑level access. The attack usually begins with a “watering hole” setup, where attackers inject malicious code into legitimate websites. When a vulnerable iPhone visits such a page, the exploit runs automatically with no extra action from the user.
DarkSword then deploys payloads like GHOSTBLADE, GHOSTKNIFE, or GHOSTSABER to steal messages, app data, and other sensitive information without leaving typical malware files behind, making it hard to detect.
Which iPhones are at risk?
According to PCMag, DarkSword mainly affects iPhones running iOS 18.4 to 18.7, with some campaigns also including versions up to 18.6.2 or 18.7, iVerify said.
Apple has since patched these flaws in iOS updates released in late 2025 and early 2026, but many users still delay updating their phones.
Security firms estimate that roughly 220 million to 270 million iPhones still run versions that fall within this vulnerable range, based on public‑facing adoption data. While not all of them will be attacked, any iPhone in this window that visits a compromised site is at risk, especially if it is used for banking, messaging, or cryptocurrency apps.
Who is behind DarkSword attacks?
Researchers have linked DarkSword to several threat actors. According to Google Threat Intelligence Group, a suspected Russian espionage group named UNC6353 has used DarkSword in watering‑hole attacks on Ukrainian websites, including news outlets and even a government site. These campaigns, active since at least late 2025, suggest that the tool is being used for espionage rather than just financial crime.
Commercial surveillance vendors are also deploying the DarkSword exploit kit, targeting users in countries such as Saudi Arabia, Turkey, and Malaysia. According to threat intelligence reporting, these campaigns show that DarkSword, once a tool used mainly by elite or state‑linked groups, has now spread into a marketplace where governments, spies, and cybercriminals can all buy access to the same powerful iOS‑hacking tools.
DarkSword is not the first such exploit kit
DarkSword is not the first major iOS exploit kit exposed in 2026. Just weeks earlier, on March 3, 2026, Google and iVerify revealed Coruna, another powerful iOS exploit kit that used 23 vulnerabilities to attack devices running iOS 13 to 17.2.1.
According to researchers, DarkSword shares some infrastructure and attack patterns with Coruna campaigns, indicating that the same broader ecosystem of exploit developers and users is involved.
Where Coruna focused on older iOS versions, DarkSword shifts attention to newer, still‑widespread iOS 18 builds, suggesting that advanced spyware is constantly evolving to exploit the latest versions people actually use.
How can iPhone users protect themselves?
The most important step is to update to the latest iOS version as soon as possible. According to Apple’s security‑advice line, timely updates are the primary way to close the vulnerabilities that kits like DarkSword rely on.
In addition, security teams recommend that high‑risk users, such as journalists, activists, or business executives, enable Lockdown Mode, which tightens Safari restrictions and blocks many advanced attacks. Users should also avoid clicking suspicious links, especially in messages or emails, and can consider using specialised detection tools such as iVerify to help spot unusual activity.