Hundreds of millions of iPhone users could be exposed to hackers using DarkSword, a new malware, if they haven’t recently updated their devices, cybersecurity researchers say.
An investigation by Google and cybersecurity firms Lookout and iVerify found that hackers (mostly operating from China and Russia) are using the tool to extract information from iPhones running older versions of iOS.
Researchers from the three companies found DarkSword attacks targeting iPhone users in Ukraine, China, Saudi Arabia, Turkey and Malaysia.
 It’s a big threat. There are probably a lot of people using this outdated version of iOS, and they are very vulnerable,” says Damon McCoy, professor and co-director of the Center for Cyber Security at New York University, for TIME.
Here’s what you need to know about DarkSword and how to protect yourself from a potential cyberattack.
What is DarkSword and how is it used to hack iPhones?
According to researchers, DarkSword is an exploit kit (a type of cyberattack that involves using multiple software vulnerabilities to infiltrate a user’s device and extract information). These vulnerabilities combined allow hackers to attack a device through multiple entry points, making DarkSword more difficult to counter.
The Google Threat Intelligence group said in a report released in mid-March that DarkSword “uses six different vulnerabilities to fully compromise a vulnerable iOS device.”
The company Lookout, which published its findings in collaboration with Google, for its part declared that DarkSword used these flaws to obtain higher level authorizations and privileges in a phone’s systems, so as to “access information sensitive and exfiltrate them from the device…
The cybersecurity company also concluded that attacks based on DarkSword started on the Safari browser before spreading to other systems on the phone. The exploit kit uses a technique of blitz attacks, which according to Lookout consist of extracting information in a few seconds or, “at most” in a few minutes before cleaning the collected data and deactivating itself.
Damon McCoy explique à TIME that attacks carried out through web browsers are called “stealth downloads” and work as follows: a user simply clicks on a link, and does not even need to download to their device, for a hacker to gain access to all its information.
Among the websites identified by researchers as being used for DarkSword attacks was an address gov.ua of the Ukrainian government. According to iVerify, the Ukrainian authorities’ server had been compromised. In another case, Google discovered that hackers had targeted iPhone users in Saudi Arabia through a site imitating the Snapchat application.
“ DarkSword appears to be a monitoring and intelligence gathering tool that scrapes all kinds of data including Wi-Fi passwords, SMS messages, call history, location history, browsing history, SIM card data and cellular data, as well as databases of health, notes and calendar, although it also searches cryptocurrency wallets,” iVerify explained in a press release.
According to Google, the tool has been used since “at least” November 2025 by “several commercial surveillance service providers and suspected state-backed actors” to exploit millions of targets.
Which iPhones would be affected?
Researchers believe that iPhones running iOS versions 18.4 to 18.7 are potentially vulnerable to attacks using DarkSword. According to iVerify, this affects around 270 million devices worldwide.
Comment protéger son téléphone ?
Apple a signalé à TIME a support page telling users how to protect their iPhone from Internet attacks.
After the researchers’ findings were published, Apple spokesperson Sarah O’Rourke said in a statement: “Keeping devices up to date remains the best thing users can do to maintain a high level of security on their Apple devices.”
The support page advises users to first update their operating system to its latest version, iOS 26, which will protect them from such attacks.
Google further states that “…all flaws have been fixed with the release of iOS 26.3 (although most were fixed before)…”.
In March, Apple also rolled out updates for iOS 15 and 16 to strengthen protection for users using older iPhone models. For those using devices running iOS 13 or 14, you should update them to iOS 15 to benefit from protection against malware attacks.
Finally, for iPhone users who are unable to update their device, Apple advises enabling… most sophisticated digital technologies…
