Publicly Released iPhone Exploit Poses Widespread Risk to Users


A powerful web-based hacking tool called DarkSword has been released publicly on GitHub, enabling cybercriminals to steal data from millions of iPhones running older iOS versions. Cybersecurity experts confirm that Russian hacking groups are already leveraging the exploit to fully compromise devices. The ease of deployment – requiring only basic web hosting and copy-pasted code – makes this tool particularly dangerous.

What is DarkSword and Why Does It Matter?

DarkSword is an exploit that doesn’t rely on tricking users into downloading malicious files. Instead, hackers deploy the tool on compromised websites. Any user with an outdated iOS version visiting that site becomes immediately vulnerable. The exploit rapidly extracts sensitive data, including passcodes, messages, emails, and even cryptocurrency wallet credentials.

This is significant because nearly 25% of all iPhones still run vulnerable versions of iOS (specifically between iOS 18.4 and 18.6.2), leaving hundreds of millions of devices at risk. The speed of the attack – data exfiltration occurs within seconds or minutes – and the clean-up process make detection difficult.

Origins and Active Deployment

Reports from Google’s Threat Intelligence Group, iVerify, and Lookout initially raised concerns about DarkSword last week, prompting a response from Apple. Google researchers previously linked the tool to UNC6353, a suspected Russian government-affiliated hacking group that targeted Ukrainian government agency sites with DarkSword.

Independent verification confirms the exploit is effective: one X user successfully hacked an iPad mini 6th gen running iOS 18.6.2 using the publicly available code. The tool is designed to work “out of the box,” requiring no specialized iOS expertise to deploy.

Urgent Mitigation Steps

To protect your Apple devices, update to the latest iOS version (currently iOS 26.3.1) immediately. If an update isn’t possible, Google’s Threat Intelligence Group recommends activating Lockdown Mode, which severely restricts device functionality to enhance security.
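For administrators applying this guidance across many devices, the following added example (not part of the original article) triages an inventory export against the version range and mitigations named above. The CSV column names and sample rows are constructed for illustration; versions outside the article's stated range but older than iOS 26.3.1 are only marked as outdated.

```python
import csv
import io

# Range the article gives as vulnerable, and the release it names as current.
VULN_MIN, VULN_MAX = (18, 4, 0), (18, 6, 2)
LATEST = (26, 3, 1)

# Constructed sample of an MDM inventory export (hypothetical column names).
SAMPLE_INVENTORY = """device,os_version,lockdown_mode
exec-iphone,18.6.2,no
field-ipad,18.5,yes
lab-iphone,17.7.1,no
new-iphone,26.3.1,no
kiosk-iphone,18.4,no
broken-row,unknown,no
"""

def parse_version(text):
    """Turn '18.6.2' into (18, 6, 2); pad short versions; None if malformed."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdecimal() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def classify(version_text, lockdown):
    """Map one device to an action based on the article's guidance."""
    v = parse_version(version_text)
    if v is None:
        return "review: unparseable version"
    if VULN_MIN <= v <= VULN_MAX:
        if lockdown:
            return "exposed: update (Lockdown Mode on as stopgap)"
        return "exposed: update now or enable Lockdown Mode"
    if v < LATEST:
        return "outdated: update"
    return "current"

def triage(csv_text):
    """Return {device: action} for every row in the inventory."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["device"]: classify(r["os_version"],
                                  r["lockdown_mode"].strip().lower() == "yes")
            for r in rows}

if __name__ == "__main__":
    for device, action in triage(SAMPLE_INVENTORY).items():
        print(f"{device:14} {action}")
```

Rows with an unparseable version are surfaced for manual review rather than silently treated as safe.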

The release of DarkSword underscores the constant threats facing mobile users. The rapid proliferation of zero-day exploits highlights the importance of proactive cybersecurity measures and timely software updates.