
Leaked DarkSword iPhone Hack Is 'Extremely Worrisome.' How to Secure Your Phone Now

Why This Matters

The discovery of the DarkSword hacking toolkit highlights a significant security threat for iPhone users, especially those running outdated iOS versions. Its ability to bypass traditional security measures through watering hole attacks underscores the need for users and industry stakeholders to prioritize timely software updates and enhanced security practices. This development signals a growing sophistication in mobile cyber threats, emphasizing the importance of vigilance for both consumers and tech companies.

Key Takeaways

Calling all iPhone owners: Cybersecurity researchers from the Google Threat Intelligence Group and two cybersecurity firms, Lookout and iVerify, have identified a new hacking toolkit that puts iPhone owners' data at risk. The toolkit, called DarkSword, isn't like other spyware and malware. This is what you need to know -- and the easy fix you can do now to stay safe.

DarkSword doesn't use phishing texts or emails, nor does it require you to download suspicious apps to let hackers into your device. It operates through a "watering hole attack," Christoph Hebeisen, Lookout's director of security intelligence research, told CNET in an email. Hackers create infected websites, including ones made to look like Snapchat and government contractor sites.

"As a result, such attacks are not only stealthier but also more capable with respect to what data they can access on the device," said Hebeisen.

After you've browsed those sites, the spyware can be activated and your information is at risk. DarkSword isn't designed for ongoing surveillance but can access a variety of data, including your messages, iCloud content and even crypto wallets.

So far, the attacks have been limited to people outside the US, specifically in Saudi Arabia, Turkey, Malaysia and Ukraine, according to Google. But the spyware has been made publicly available on GitHub, first spotted by TechCrunch. That means it will be much easier for any number of bad actors to deploy it.

"Public availability of this kit is extremely worrisome given the high number of remaining active vulnerable devices," Hebeisen said. DarkSword was created to be adaptable to different uses, for developers and vibe-coders alike. "Opportunistic attacks using this exploit kit appear very likely."

Researchers found that vulnerable phones were running versions of last year's software, including iOS 18.4 through 18.7. That isn't every phone, but as Apple's own data confirms, about one-fifth of iPhone owners are still running iOS 18, leaving potentially millions of people vulnerable.

Google said DarkSword was being used by "multiple commercial surveillance vendors and suspected state-sponsored actors" and that it reached out to Apple in late 2025 with its findings. In a support page published March 19, Apple said: "We thoroughly investigated these issues as they were found and released software updates as quickly as possible for the most recent operating system versions to address vulnerabilities and disrupt such attacks."

DarkSword spyware reports are scary, but basic iOS software hygiene can go a long way to keep your data safe. Here's what iPhone owners need to do now to stay safe.

Keep your iPhone software updated
