We have long praised iOS as an impregnable fortress, but it seems hackers have found a shortcut that doesn’t even require permission. Researchers from Google’s Threat Analysis Group, in collaboration with security firms Lookout and iVerify, have issued a strongly worded warning to iPhone users about a new malicious program called “DarkSword” (the Dark Sword). This software is not just an ordinary virus; it is an advanced intrusion tool capable of stealing all your data the moment you step (or tap) onto a compromised website, without needing to download any file or click an “allow” button.
How Does the Dark Sword Work? And Which Devices Are Targeted?
What makes DarkSword truly terrifying is the simplicity with which a victim falls into the trap. Unlike traditional malware that requires you to install a suspicious app or grant certain permissions, here simply visiting an infected website is enough to start the intrusion. According to reports, this tool exploits vulnerabilities in iOS versions ranging from 18.4 to 18.7. Since Apple’s statistics indicate that roughly 25% of iPhone users still run these versions, we are talking about hundreds of millions of devices at risk worldwide.
The software operates in a “hit‑and‑run” fashion; it does not remain on your device permanently like complex government‑grade espionage tools designed for long‑term surveillance. Instead, DarkSword enters, gathers whatever data it wants, then wipes its own files and exits the device within a few minutes. Once the iPhone is rebooted, it becomes virtually impossible to detect its presence or trace what happened.
List of Stolen Items: Your Data at Risk
If you think your privacy is protected, here is the long list of what DarkSword can pull from your device in those few minutes: call logs, contacts, calendar, notes, photos, screenshots, and location history. It even extends to browser history, Wi‑Fi passwords, iCloud data, and even encryption keys for digital cryptocurrency wallets.
And it doesn’t stop there; the software can breach the privacy of iMessage, email, and messaging apps such as WhatsApp and Telegram. The hackers behind this tool appear extremely confident, to the point of leaving its code publicly available for others to use, meaning we may see new waves of similar attacks in the near future.
Attacks Targeting the Region and Conflict Zones
Google’s report uncovered specific incidents where DarkSword was used, the most notable being an attack in November last year that targeted users in Saudi Arabia. It was carried out via a website impersonating the “Snapshare” service page linked to Snapchat; the site directed visitors to a genuine Snapchat link to allay suspicion, while in the background it infected the iPhone with the malicious software.
In a more recent development, a hacking group called UNC6353, suspected of ties to the Russian government, was observed using the same tool to target users in Ukraine by compromising official news and government websites. This threat is believed to be linked to a previous attack known as Coruna, which targeted older OS versions (iOS 13 to iOS 17), illustrating how these attackers evolve their methods with each Apple update.
Source:
Leave a Reply