A new malicious software threatens certain iPhone users, as warned by the American security firm Lookout.
In an article dated March 18, the firm explains that they have discovered, in collaboration with Google and iVerify, “DarkSword,” a new threat for iPhones running on iOS 18.4 to 18.6.2.
According to Lookout, this malicious software was deployed by the same actor – still unknown to this day – who was behind the “Coruna” hacking tool reported at the beginning of 2026 by Google and iVerify.
READ ALSO: Why major retailers and companies want your old computers and iPhones
Lookout specifies in their article that “DarkSword” is “extremely sophisticated” and aims to extract a large amount of personal information, “including device identifiers,” and “specifically targets numerous cryptocurrency wallet applications.”
“DarkSword seems to adopt a ‘clear’ approach by collecting and exfiltrating targeted data from the device in seconds, or a few minutes maximum, before deleting them.”
– Lookout, excerpt from the article ‘Attackers Wielding DarkSword Threaten iOS Users’
According to Lookout, iPhones running the latest versions of iOS (18.7.3 for iOS 18 and 26.3 for iOS 26) are not vulnerable to this threat or the vulnerabilities it exploits.
A danger in Quebec?
It is difficult to know if attacks carried out by “DarkSword” have impacted victims in Quebec, however, according to François Caron, Senior Director at Vars, Cybersecurity Division of Raymond Chabot Grant Thornton, the risk for Quebec iPhone users to be targeted “is really important.”
In an interview with Noovo Info, Mr. Caron emphasized that the malicious software “DarkSword” relies on significant resources.
“Just to give you an idea, this type of malicious software can cost between 500,000 or 1 million dollars to run a campaign,” he explained.
The cybersecurity expert also added that this new malicious software had been made available to the general public, posing an additional danger.
“The source code for this software has been deployed on a platform that allows access to this type of resources for free, which means that any malicious attacker can use the code, and it is a fully functional code so the risk of malicious use is huge,” he stated.
Another danger of “DarkSword” lies in the fact that even if there are some subtle signs ( ‘very subtle,’ according to Mr. Caron) that can indicate its presence, the software goes virtually unnoticed.
“There is no interaction with the person. The software compromises a site, legitimate or not, and once the site is compromised, it attacks visitors. So, the victim goes to the site and the code executes directly. The victim doesn’t need to click on a link,” explained François Caron.
What to do to protect yourself?
According to information gathered by Noovo Info regarding “DarkSword,” you are potentially at risk if you use an iPhone running on versions earlier than 18.6 or 26.2, depending on the model.
“The best recommendation we can give to anyone is to keep your phone up to date, either automatically or manually,” advised Mr. Caron.
READ ALSO: CHOC FM radio station paralyzed by a cyberattack
In case of doubt, another advice is to perform a complete restart of your phone.
“This type of infection does not have a persistence mechanism. Once the infection is done, it resides in the phone’s memory and there is no known way – at least known – for the infection to resurface if you reboot. The infection disappears,” highlighted the cybersecurity expert, warning that the malicious software could reappear if you return to the infected site.
If you own an iPhone dating back several years, and especially if updates are no longer available, it is recommended to opt for a new device.
“This applies not only to the iPhone, but really to everything that is technological. The more obsolescence is visible, the more vulnerabilities there are,” mentioned François Caron.
The usual prevention measures remain relevant to protect yourself, such as avoiding clicking on links in unsolicited messages.
In a dedicated page to mobile device security, the Quebec government also advises to avoid insecure connections, like some free public Wi-Fi networks. These access points “often lack adequate protection: allowing malicious individuals to intercept your communications and data.”
It is also recommended to limit your access rights, such as geolocation or access to the microphone or camera, to non-essential applications. “These requests can compromise your personal information.”
Scams are numerous
When discussing malicious software today, it is important to remember that there are numerous types of fraud related to cell phones or tablets, such as phishing via text messages, identity theft via phone, missed call scams, or fake IT technicians.
In 2024, the Canadian Anti-Fraud Centre observed an increase in the number of victims affected by the top ten frauds committed in the country, with the two most significant being banking investigation fraud (16.5%) and phishing (6.8%).
In Quebec, in 2024, the Canadian Anti-Fraud Centre received 10,321 fraud reports totaling over $55 million.
The three main reported frauds were identity fraud, personal information-related fraud, and “bank investigator” fraud.
