Cybersecurity researchers discovered a hacking campaign last week that employed the sophisticated hacking tool DarkSword to target iPhone users. A more recent version of DarkSword has now been leaked and posted on the code-sharing website GitHub.
Researchers are cautioning that this will make it simple for hackers to use the tools to attack iPhone users who have not yet updated to Apple’s most recent iOS 26 software and are using older versions of the company’s operating system. Apple’s own statistics on outdated devices suggest that hundreds of millions of actively used iPhones and iPads are probably affected.
This is not good. The cofounder of the mobile security startup iVerify, Matthias Frielingsdorf, told TechCrunch on Monday that they are far too simple to repurpose. “I do not think it can be contained any longer. Therefore, we should anticipate that criminals and others will begin using this.”
Although the files are slightly different, Frielingsdorf claimed that these new DarkSword malware versions have the same infrastructure as the ones he and his iVerify colleagues previously examined. According to him, anyone can copy and paste the simple HTML and JavaScript files submitted to GitHub and host them on a server “in a couple minutes to hours.”
The exploits will function right out of the box, according to Frielingsdorf. “No prior knowledge of iOS is necessary.”
Google’s researchers concur with Frielingsdorf’s evaluation, according to Kimberly Samra, a representative for the business that previously examined the DarkSword vulnerability.
A security enthusiast who goes by the name matteyeux also told TechCrunch that using the leaked DarkSword samples is actually quite simple. Using the “in the wild” DarkSword sample that is making the rounds online, matteyeux claimed in a post on X on Monday that he was able to hack an iPad mini tablet running iOS 18, the prior version of the operating system that is susceptible to DarkSword.
Apple spokesperson Sarah O’Rourke told TechCrunch that the company was aware of the attack that targeted devices running outdated and older operating systems. On March 11, the company released an emergency fix for devices that could not run the most recent versions of iOS.
“The single most critical thing you can do to safeguard the security of your Apple products is to keep your software up to date,” O’Rourke stated, adding that Lockdown Mode would also prevent these particular attacks and that devices with updated software were not at risk from the reported attacks.
A request for comment was not immediately answered by a representative for Microsoft, the company that owns GitHub.
The code includes multiple comments explaining how the vulnerabilities function and how to implement them, but TechCrunch is not linking to it because it can be used in active assaults.
The exploit “reads and exfiltrates forensically-relevant files from iOS devices via HTTP,” according to a comment that was probably written by one of the developers who worked on DarkSword. This refers to stealing data from an individual’s iPhone or iPad and sending it over the internet to a server under the control of the attacker.
The comment says, “This payload should be injected into a process with filesystem access class.”
In one instance, the code refers to “post-exploitation activity” and explains what happens once the malware gains access to the user’s phone and steals its contacts, messages, call history, and iOS keychain—which stores Wi-Fi passwords and other secrets—before dumping it onto a distant server.
TechCrunch was unable to ascertain the reason for another file’s references to uploading data to a well-known Ukrainian clothing website. Russian government hackers are accused of using DarkSword to attack Ukrainian targets.
According to iVerify, Google, and Lookout, who also previously examined the DarkSword malware, this specific spyware targets iPhones and iPads running iOS 18.
Approximately 25% of iPhone and iPad users are still using iOS 18 or earlier, according to Apple’s own statistics. With over 2.5 billion gadgets in use, hundreds of millions of people’s devices are probably at risk from DarkSword assaults.
For this reason, Frielingsdorf advises everyone to update the operating system on their iPhone.
Only a few weeks had passed since researchers found Coruna, another sophisticated iPhone hacking toolkit, when DarkSword was uncovered. Coruna was initially created by the defense contractor L3Harris, whose Trenchant subsidiary creates hacking tools for the US government and its allies, according to TechCrunch.



