New 'DarkSword' Spyware Threatens Millions of iPhones Globally
A sophisticated new spyware named 'DarkSword' is targeting iPhones, with millions potentially at risk due to vulnerabilities in older iOS versions. It can steal sensitive data when a user simply visits a compromised website, underscoring the critical need for users to update their devices.
Key Highlights
- New 'DarkSword' spyware exploits older iPhone iOS versions.
- Data theft occurs via visiting compromised websites.
- Millions of iPhones potentially vulnerable globally.
- Sensitive data including passwords and crypto details at risk.
- Apple has released patches for the exploited vulnerabilities.
- Users urged to update iOS immediately for protection.
A significant cybersecurity threat, dubbed 'DarkSword' spyware, has emerged, putting millions of iPhone users worldwide at risk. Discovered by researchers from Google, Lookout, and iVerify, this sophisticated malware exploits vulnerabilities in older versions of Apple's iOS, specifically versions 18.4 through 18.7, to steal sensitive personal and financial data. The exploit chain links six different vulnerabilities, allowing attackers to gain extensive access to a compromised device.
The primary concern with DarkSword is its 'watering hole' attack method. Unlike traditional malware that requires users to download files or click on suspicious links, DarkSword can infect an iPhone simply by the user visiting a compromised website. These compromised sites can range from legitimate news portals and government pages to e-commerce and industrial equipment sites, making it difficult for users to discern a threat. Once a vulnerable device visits such a site, the spyware can exfiltrate a wide range of sensitive information, including Wi-Fi passwords, text messages (from apps like iMessage, WhatsApp, and Telegram), call history, location history, browser history, cryptocurrency wallet credentials, photos, and data from apps like Calendar and Notes.
Researchers estimate that approximately 220 million to 270 million iPhones could be vulnerable, based on the number of devices still running older iOS versions. The DarkSword exploit has been observed in targeted campaigns in various countries, including Ukraine, China, Saudi Arabia, Turkey, and Malaysia. While initial reports did not mention American targets, the global reach of such tools is a growing concern.
Although Apple has acknowledged the threat and released security updates to patch the underlying vulnerabilities, the continued use of older iOS versions by a significant portion of users leaves them exposed. Apple's latest security updates, including iOS 26.4, aim to address these issues. Security experts emphasize that the most crucial step for users is to update their devices to the latest available iOS version to protect themselves from DarkSword and similar threats. Furthermore, Apple's 'Lockdown Mode,' introduced in 2022, offers an advanced layer of protection for high-risk users, and Apple states that Lockdown Mode has not yet been successfully breached by sophisticated spyware.
Sophisticated spyware tools of this kind, once seemingly exclusive to government intelligence, are now available to cybercriminals, which signifies a concerning trend. The discovery of DarkSword, along with another spyware called 'Coruna' found on similar infrastructure, highlights the evolving landscape of cyber threats and the ongoing need for user vigilance and prompt software updates.
The news is relevant to India as Apple has previously issued threat notifications to users in India regarding mercenary spyware attacks, including instances before major elections. While DarkSword's specific impact on India is not detailed in these reports, the global nature of the threat means Indian iPhone users are also at risk if they are running older iOS versions and have not updated their devices. The Indian Computer Emergency Response Team (CERT-In) has also previously flagged security vulnerabilities in Apple devices, further underscoring the need for Indian users to stay informed and protected.
Frequently Asked Questions
What is DarkSword spyware?
DarkSword is a sophisticated spyware that exploits vulnerabilities in older versions of Apple's iOS to steal sensitive data from iPhones. It can activate when a user simply visits a compromised website.
Which iPhones are at risk from DarkSword?
iPhones running older iOS versions, specifically iOS 18.4 through 18.7, are most vulnerable. However, any iPhone user who has not updated to the latest iOS version could potentially be at risk.
How does DarkSword infect an iPhone?
DarkSword uses a 'watering hole' attack method. It can infect an iPhone when a user visits a compromised website, without requiring them to download any files or click on suspicious links.
What kind of data can DarkSword steal?
DarkSword can steal a wide range of sensitive data, including passwords, text messages, call history, location data, browser history, photos, and cryptocurrency wallet credentials.
How can I protect my iPhone from DarkSword?
The most crucial step is to update your iPhone to the latest available iOS version. Apple has released patches to fix the vulnerabilities exploited by DarkSword.