Spyware Found Again This Month, Hundreds of Millions of iPhones Face Security Risks

SighingCashier · 2026-03-19T04:00:49+00:00

Cybersecurity firms report that "Darksword" is a new iPhone spyware capable of stealing passwords, chat histories, and health data, with zero-click infection capabilities. This malicious software specifically targets users running older iOS versions, putting hundreds of millions of iPhones at risk. Apple has released patches, but many users have not updated their systems. Keeping your system updated is key to maintaining security.

SighingCashier

2026-03-19 04:00:49

Abstract generation in progress

Cybersecurity company Lookout, mobile security firm iVerify, and researchers from Google under Alphabet have jointly released an analysis report on the malicious software named “Darksword.” They state that this new iPhone hacking tool is extremely widespread, capable of stealing not only passwords and photos but also directly accessing iMessage, WhatsApp, and Telegram chat logs, and even reading Apple Health records and cryptocurrency wallet credentials.

The researchers noted that this is the second discovery this month of spyware targeting iPhones and other Apple devices. On March 3rd, Google and iVerify disclosed another powerful iPhone spyware called “Coruna.” They found that Darksword is hosted on the same servers. In recent weeks, Darksword has been embedded on dozens of Ukrainian websites. It is reportedly web-based, allowing zero-click infections—users only need to load an infected webpage in their browser, and the device will be silently hijacked without warning.

Darksword abandons traditional spyware installation methods, instead employing highly covert fileless malware techniques. It directly hijacks legitimate iPhone system processes, rapidly extracting data within minutes of infection with minimal traces. Rebooting the phone can remove the infection, but data is often already stolen.

Google stated that its researchers observed multiple commercial vendors and suspected state-linked hackers using Darksword in targeted operations against targets in Saudi Arabia, Turkey, Malaysia, and Ukraine.

According to iVerify and Lookout, the malware is delivered to iPhone users running iOS versions 18.4 to 18.6.2 who have visited one of dozens of Ukrainian websites. Apple released these system versions between March and August 2025.

The researchers indicated that it is currently unclear how many iPhones are vulnerable to Darksword attacks. Apple has issued multiple patches addressing the underlying vulnerabilities exploited by Darksword. However, many users have not installed the updates. Based on publicly estimated data from iVerify and Lookout, approximately 220 million to 270 million iPhones still run vulnerable versions of iOS.

An Apple spokesperson said these vulnerabilities target outdated software, and for users running the latest operating system versions, the underlying flaws have been fixed in multiple updates over the past few years. Keeping software up to date remains the most important step users can take to maintain high security on Apple devices. Additionally, Safari’s built-in Apple Security Browsing feature has blocked all malicious domains identified by Google to prevent further exploitation.

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.