iPhone Spyware Threatens Millions of Devices Worldwide

• Darksword exploits affect iPhones running iOS 18.4 to 18.6.2, potentially compromising hundreds of millions of devices.
• Malware is linked to commercial and suspected state-backed campaigns across Ukraine, Turkey, Malaysia, and Saudi Arabia.

What happened: Darksword malware targets iPhones in Ukraine

Researchers have discovered a spyware strain called Darksword, installed on multiple Ukrainian websites, capable of stealing sensitive data and cryptocurrency from iPhones. The malware affects devices running iOS 18.4 to 18.6.2, released between March and August 2025. Experts from Lookout, iVerify, and Google estimate that 220–270 million iPhones remain vulnerable due to outdated software. Darksword has been observed alongside another spyware, Coruna, on the same servers. Investigations link its deployment to Turkish commercial vendor PARS Defense and suspected state-affiliated hackers, impacting users in Ukraine, Turkey, Malaysia, and Saudi Arabia. Apple has patched the vulnerabilities and blocked malicious domains via Safe Browsing in Safari, but many users have not updated, leaving a large population at risk. The malware’s reach demonstrates how commercial spyware campaigns are expanding globally, exploiting the slow adoption of updates by iPhone users.

Also read: Spyware from Paragon hits Italian journalist’s iPhone

Also read: iPhone users in 92 countries receive spyware attack alert

Why this is important

The emergence of Darksword highlights that sophisticated iPhone-targeting malware is no longer confined to state-backed operations. Its capacity to steal cryptocurrency wallets, passwords, and personal data shows the strong financial incentives driving these campaigns. Even small errors by attackers can expose large-scale networks, making such tools increasingly accessible to commercial cybercriminals.

With hundreds of millions of devices still running outdated iOS versions, users globally face real threats to privacy and finances. The case emphasises the urgent need for regular software updates and caution when visiting unfamiliar websites. Cybersecurity is no longer a specialised concern; it directly affects individuals, businesses, and critical infrastructure. Heightened awareness and proactive protection are essential to reduce exposure and prevent sensitive data from being exploited by attackers. The Darksword discovery serves as a reminder that even widely trusted platforms like iPhone can be vulnerable when users neglect updates and security best practices.