We have long praised iOS as an impregnable fortress, but it seems hackers have found a shortcut that doesn’t even require permission. Researchers from Google’s Threat Analysis Group, in collaboration with security firms Lookout and iVerify, have issued a strongly worded warning to iPhone users about a new malicious program called “DarkSword”. This program is not just an ordinary virus; it is an advanced intrusion tool capable of stealing all your data the moment you visit a compromised website, without you needing to download any file or click an approval button.

How Does DarkSword Work? And Which Devices Are Targeted?
What makes DarkSword truly terrifying is how easily a victim falls into the trap. Unlike traditional malware that requires you to install a suspicious app or grant certain permissions, here simply visiting an infected website initiates the intrusion. According to reports, this tool exploits vulnerabilities in iOS versions ranging from 18.4 to 18.7. Since Apple’s statistics indicate that nearly 25% of iPhone users still run these versions, we are talking about hundreds of millions of devices at risk worldwide.

The program operates in a “hit‑and‑run” manner; it does not remain on your device forever like complex government spyware that aims for long‑term surveillance. Instead, DarkSword enters, gathers the data it wants, then wipes its own files and exits the device within a few minutes. Once the iPhone is rebooted, it becomes virtually impossible to detect its presence or trace what happened.

List of Stolen Data: Your Information at Risk
If you think your privacy is protected, here is the long list of what DarkSword can pull from your device in those few minutes: call logs, contacts, calendar, notes, photos, screenshots, and location history. It also extends to browser history, Wi‑Fi passwords, iCloud data, and even encryption keys for cryptocurrency wallets.
And it doesn’t stop there; the program can breach the privacy of iMessage, email, and messaging apps such as WhatsApp and Telegram. The hackers behind this tool appear extremely confident, to the point of leaving its code publicly available for others to use, meaning we may see new waves of similar attacks in the near future.

Attacks Targeting the Region and Conflict Zones

Google’s report revealed specific incidents where DarkSword was used, the most notable being an attack in November that targeted users in Saudi Arabia. It was carried out via a website masquerading as the “Snapshare” service page linked to Snapchat; the site directed visitors to a genuine Snapchat link to deflect suspicion, while in the background it infected the iPhone with the malicious program.
In a more recent development, a hacking group called UNC6353, suspected of ties to the Russian government, was observed using the same tool to target users in Ukraine by compromising official news and government websites. This threat is believed to be linked to a previous attack known as Coruna, which targeted older OS versions (iOS 13 to iOS 17), illustrating how these attackers evolve their methods with each Apple update.