iPhones are being widely hacked through Ukrainian websites by the Darksword spyware

Cybersecurity experts report stealthy infections of devices and attackers gaining access to personal data, including crypto wallets

Цей матеріал також доступний:

19 Mar 2026

0 0

Cybersecurity experts reported the discovery of the Darksword spyware, which can covertly infect iPhones via compromised websites and access personal data, including cryptocurrency wallets; Reuters writes about this citing research by Lookout, iVerify and Google.

As researchers found, infection only requires visiting an infected page: the malicious code runs automatically and can gain access rights to the device’s data without any additional user actions.

Analysis teams recorded Darksword being hosted on dozens of Ukrainian websites. Devices running iOS versions from 18.4 to 18.6.2, which were released between March and August 2025, were targeted.

Analysts estimate that between 220 and 270 million iPhones worldwide still run these builds, as some users delay installing updates.

It is also noted that the Darksword distribution infrastructure overlaps with servers where another spyware — Coruna — was previously found; it became known on March 3.

Google said it is tracking the activity of several commercial spyware vendors and hacking groups that may have ties to state actors. Attacks were observed in a number of countries, including Ukraine, Saudi Arabia, Turkey and Malaysia, and researchers link the campaigns in Turkey and Malaysia to PARS Defense, a company that specializes in surveillance tools.

Apple emphasizes that the main wave of attacks was aimed at outdated OS versions, and key vulnerabilities have been fixed in recent updates. In addition, the company’s built-in protection mechanisms block the malicious domains identified by researchers.

Experts advise iPhone users to take basic cybersecurity hygiene steps to minimize risks.