Affects iPhones running iOS 18.4 to iOS 18.7 via a one-click Safari exploit
Malware can steal crypto wallet data and Wi-Fi passwords, then erase traces quickly
Apple has patched the issue; devices on iOS 18.7.3 and newer are safe
If you’re using an old iPhone with an older version of iOS, you should be aware. According to Google, Lookout, and iVerify, a newly identified cyberattack campaign called DarkSword is targeting Apple iPhones running older versions of iOS (iOS 18.4 to iOS 18.7). As per the researchers, the exploit chain has been active since November 2025 and has been used by commercial surveillance vendors as well as suspected state-backed scammers.
The campaign has been observed targeting Saudi Arabia, Turkey, Malaysia, and Ukraine, with attackers exploiting a series of vulnerabilities to gain access to eligible devices. This can enter through malicious websites accessed through Safari. This means it’s a one-click attack with little to no interaction.
Once inside, the malware can quickly collect sensitive information such as cryptocurrency wallet data and Wi-Fi credentials before erasing any evidence of its presence within a few minutes. Researchers refer to this as a “hit-and-run” strategy aimed at quick data exfiltration.
Lookout, a security firm, claimed that the campaign was carried out by the Russian hacking group UNC6353. This group has previously been linked to the iOS exploit tool Coruna, which targeted iPhones running iOS 13 through iOS 17.2.1.
According to the report, earlier versions of the attack were spread through fake websites that looked like Snapchat, tricking users into clicking on them. In separate campaigns, a Turkish surveillance firm known as PARS Defence is said to have used the same exploit to install backdoor malware on devices in Turkey and Malaysia.
Who is safe and how to be safe?
The report also stated that the attack is entirely dependent on six different vulnerabilities working together, allowing hackers to deploy various types of malware depending on the objective. Apple has since fixed these issues with software updates, including iOS 26.3, and says devices running iOS 18.7.3 or later are no longer at risk.
The company has also released emergency updates for older iPhones that are unable to upgrade to the latest iOS version. Researchers add that enabling Lockdown Mode, Apple’s high-security feature, completely prevents such attacks..
