GoKawiilLast week, cybersecurity researchers uncovered a hacking campaign targeting iPhone users that used an advanced hacking tool called DarkSword. Now, someone has leaked a newer version of DarkSword and published it on the code sharing site GitHub.
Researchers are warning that this will allow any hacker to easily use the tools to target iPhone users running older versions of Apple’s operating systems who have not yet updated to its latest iOS 26 software. This likely affects hundreds of millions of actively used iPhones and iPads, according to Apple’s own data on out-of-date devices.
“This is bad. They are way too easy to repurpose,” Matthias Frielingsdorf, the co-founder of mobile security startup iVerify, told TechCrunch on Monday. “I don’t think that can be contained anymore. So we need to expect criminals and others to start deploying this.”
Frielingsdorf said that these new versions of DarkSword spyware share the same infrastructure with the ones he and his iVerify colleagues analyzed previously, although the files are slightly different. The files uploaded to GitHub are uncomplicated, just HTML and JavaScript, he said, meaning anyone can copy and paste them and host them on a server “in a couple minutes to hours.”
“The exploits will work out of the box,” Frielingsdorf said. “There is no iOS expertise required.”
Kimberly Samra, a spokesperson for Google, which previously analyzed the DarkSword exploit, said the company’s researchers agree with Frielingsdorf’s assessment.
Contact Us Do you have more information about Darksword, Coruna, or other government hacking and spyware tools? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or . Do you have more information about Darksword, Coruna, or other government hacking and spyware tools? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or by email
A security hobbyist who goes by the handle matteyeux also told TechCrunch that it is indeed trivial to use the leaked DarkSword samples. Matteyeux wrote in a post on X Monday that he was able to hack an iPad mini tablet running iOS 18, the previous generation of the operating system that is vulnerable to DarkSword, using the “in the wild” DarkSword sample that is circulating online.
Techcrunch event Disrupt 2026: The tech ecosystem, all in one room Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400. Save up to $300 or 30% to TechCrunch Founder Summit 1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
... continue reading