GoKawiilSecurity researchers have uncovered a series of cyberattacks targeting Apple customers across the world. The tools used in these hacking campaigns have been dubbed Coruna and DarkSword, and they have been used by both government spies and cybercriminals to steal data from people’s iPhones and iPads.
It’s rare to see widespread hacks targeting iPhone and iPad users. In the last decade, the only precedents have been attacks against Uyghurs Muslims in China, and against people in Hong Kong.
Now, some of these powerful hacking tools have leaked online, potentially putting hundreds of millions of iPhones and iPads running out-of-date software at risk of data thefts.
We are breaking down what we know and what we don’t about these latest iPhone and iPad hacking threats, and what you can do to stay protected.
What are Coruna and DarkSword?
Coruna and DarkSword are two sets of advanced hacking toolkits that each contain a range of exploits capable of breaking into iPhones and iPads, and stealing a person’s data, such as their messages, browser data, location history, and cryptocurrency.
Security researchers who discovered the toolkits say Coruna’s exploits can hack iPhones and iPads running iOS 13 through iOS 17.2.1, which was released in December 2023.
DarkSword, however, contained exploits capable of hacking iPhones and iPads running more recent devices running iOS 18.4 and 18.7, released in September 2025, according to security researchers with Google who are investigating the code.
But the threat from DarkSword is more immediate to the general public. Someone leaked part of DarkSword and published it on code sharing site GitHub, making it easy for anyone to download the malicious code and launch their own attacks targeting Apple users running older versions of iOS.
How do Coruna and DarkSword work?
... continue reading