Cybersecurity researchers have uncovered a sophisticated spyware tool capable of infiltrating millions of iPhones worldwide. The malware, dubbed Darksword, is designed to exploit vulnerabilities in certain versions of Apple’s mobile operating system and secretly extract sensitive information from compromised devices.
The discovery has raised fresh concerns about the growing market for advanced mobile hacking tools. Experts say the incident highlights how powerful exploits—once limited primarily to government intelligence agencies—are increasingly appearing in the hands of private companies and cybercriminal groups.
Researchers from multiple cybersecurity organizations collaborated to analyze the spyware, revealing that it had been deployed through compromised websites and used in several coordinated hacking campaigns.
How the Darksword iPhone Spyware Works
The newly identified malware was discovered by researchers from Lookout, iVerify, and Google.
According to their investigations, the spyware was embedded on dozens of websites located in Ukraine. When users visited these compromised sites using vulnerable devices, the exploit could silently infect their phones without requiring any interaction.
Once installed, Darksword could gain access to a wide range of sensitive data stored on the device. Researchers say the malware is capable of stealing personal information, browsing activity, and cryptocurrency wallet credentials.
Because smartphones often contain highly valuable digital assets—such as financial apps, passwords, and personal communications—they are attractive targets for cybercriminals seeking profit.
Millions of iPhones Could Be Vulnerable
The spyware targets specific versions of Apple’s mobile operating system, including several releases distributed during 2025. Devices running those older software versions may still be exposed if they have not installed recent security updates.
Researchers estimate that between 220 million and 270 million iPhones worldwide may still be using affected versions of the operating system.
Apple has emphasized that the vulnerabilities exploited by Darksword have already been patched through newer software updates. The company encourages all users to keep their devices up to date to minimize security risks.
An Apple spokesperson noted that maintaining the latest operating system version remains the most effective way to protect devices from malware and cyberattacks.
A Growing Market for iPhone Hacking Tools
The discovery of Darksword comes shortly after another powerful iPhone spyware tool was identified earlier in the month. That exploit, called Coruna, was revealed by security researchers working with Google and iVerify.
Both tools were reportedly hosted on the same internet servers, suggesting a possible connection between the operations distributing them.
Security experts believe these discoveries point to a rapidly expanding ecosystem of commercial spyware vendors and cybercriminal groups. These organizations develop and sell sophisticated digital surveillance tools capable of bypassing modern smartphone security protections.
Previously, such capabilities were mostly associated with state intelligence agencies conducting targeted surveillance. However, researchers now say the barriers to obtaining these tools appear to be decreasing.
International Hacking Campaigns Identified
Cybersecurity analysts investigating Darksword found evidence that the spyware had been used in multiple hacking campaigns across different regions.
Researchers from Google observed suspected operations targeting individuals in countries including Saudi Arabia, Turkey, Malaysia, and Ukraine.
Some of the campaigns were reportedly linked to a Turkish commercial surveillance firm called PARS Defense, although the company has not publicly commented on the allegations.
These findings suggest that the spyware may have been used for a mixture of intelligence gathering, surveillance, and financially motivated cybercrime.
Evidence of Sloppy Security Practices
One surprising aspect of the investigation was how researchers discovered the exploit. According to cybersecurity specialists, the attackers made several operational security mistakes that exposed the malware infrastructure.
For example, both the Darksword and Coruna spyware tools were reportedly hosted on the same internet servers. This overlap made it easier for researchers to identify the connections between the campaigns.
Experts say such mistakes are uncommon among sophisticated state intelligence operations, which typically go to great lengths to hide their digital infrastructure.
Instead, the apparent lack of caution may suggest that the attackers believed the tools were easily replaceable or not particularly valuable once deployed.
Apple’s Response and Security Measures
Apple has stated that the vulnerabilities used by the spyware have been addressed through multiple software updates over recent years. Devices running the latest versions of iOS are not believed to be vulnerable to the specific exploits identified by researchers.
The company has also blocked the malicious domains involved in the attack through its Safe Browsing protections within the Safari web browser. This measure prevents users from accidentally visiting infected websites that might attempt to deliver the malware.
Apple’s security architecture includes several layers of protection designed to limit the impact of such attacks, including sandboxing technologies and strict app permissions.
However, even advanced security systems can be undermined if users fail to update their software regularly.
How iPhone Users Can Protect Their Devices
Cybersecurity experts emphasize that users can significantly reduce their risk by following a few basic security practices.
First and foremost, keeping devices updated with the latest operating system patches is critical. Software updates often contain fixes for vulnerabilities that hackers actively exploit.
Users should also be cautious about visiting unfamiliar websites or clicking suspicious links, particularly when using older devices that may not receive frequent updates.
Installing reputable security tools and enabling built-in security features can also help detect and block potential threats.
The Future of Mobile Cybersecurity
The emergence of spyware tools like Darksword illustrates how rapidly the cybersecurity landscape is evolving. Smartphones now serve as central hubs for personal data, financial accounts, and communications, making them highly attractive targets for cybercriminals and surveillance groups.
As mobile devices continue to play a larger role in everyday life, experts expect attackers to develop increasingly sophisticated methods to bypass security systems.
At the same time, technology companies and cybersecurity firms are intensifying efforts to detect and neutralize these threats.
The discovery of Darksword highlights both the risks and the importance of ongoing vigilance in the digital age. For users, the lesson is clear: maintaining updated software and practicing good online security habits remains the best defense against emerging cyber threats targeting modern smartphones.