Millions of iPhones Exposed to New Hacking Tool Found in the Wild

Russian state hackers expose iOS exploit code that criminals now use to steal data from 220-270 million devices

By Alex Barrientos


Key Takeaways

  • DarkSword exploit threatens an estimated 220-270 million iPhones still on vulnerable iOS 18 versions, infecting devices through compromised websites without clicks
  • Russian state hackers leaked complete iOS exploitation code enabling mass criminal adoption
  • Apple released emergency patches, but roughly 25% of users remain on vulnerable versions

Visiting a Ukrainian news website shouldn’t empty your crypto wallet, but that’s exactly what happened to hundreds of thousands of iPhone users. The DarkSword hacking tool—discovered by Google, iVerify, and Lookout researchers—silently infects devices through compromised websites, affecting an estimated 220-270 million iPhones still running vulnerable iOS 18 versions.

This isn’t your typical phishing scam requiring clicks on suspicious links. DarkSword operates through zero-click exploitation, meaning simply loading an infected webpage triggers the attack. The tool hijacks legitimate iOS processes using “fileless” methods, stealing passwords, iMessage conversations, crypto wallet credentials, health data, and photos within minutes—then vanishes like a digital ghost after reboot.

From State Espionage to Criminal Enterprise

The same groups behind targeted government surveillance now fuel mass cybercrime.

Russian state-sponsored hackers originally deployed DarkSword alongside their Coruna toolkit, targeting government sites across Ukraine, Saudi Arabia, Turkey, and Malaysia. But here’s where things get concerning: the complete DarkSword code was left exposed with English comments, essentially gift-wrapping advanced iOS exploits for any criminal willing to copy-paste.

“A vast number of iOS users could have all their personal data stolen simply for visiting a popular website,” warns Rocky Cole, iVerify’s CEO. Commercial surveillance firms like PARS Defense have already weaponized these tools, while broker operations—possibly including the sanctioned Operation Zero network—distribute exploits like they’re selling concert tickets on StubHub.

Apple Patches Available, But Millions Remain Exposed

Emergency patches protect updated devices while legacy iPhone users face continued risk.

Apple responded with security patches and emergency updates extending to older devices, plus Safari blocking for known malicious sites. Lockdown Mode provides additional protection, while security apps from iVerify and Lookout can detect infections.

The problem? Roughly 25% of iPhone users remain on vulnerable iOS 18 versions. This represents a fundamental shift from iOS exploits being rare, targeted tools to mass-market weapons threatening everyday users.

Your iPhone’s security now requires active management rather than passive trust in Apple’s walled garden. Update immediately, enable Lockdown Mode if you’re in a high-risk region, and consider that your morning news scroll might be more dangerous than your evening TikTok dive.
