A newly leaked version of the DarkSword hacking tool has been published online, raising concerns among researchers that attackers can now easily target iPhones and iPads running older operating systems.
The exploit code was uploaded to GitHub, making it widely accessible. Researchers warn that the leak lowers the barrier for cybercriminals to launch attacks against devices that have not been updated to iOS 26.
Researchers Warn Of Easy Exploitation
Matthias Frielingsdorf from iVerify said the leaked files are simple to use and can be deployed with minimal technical knowledge. He said the code consists of basic HTML and JavaScript, allowing attackers to host and run it quickly.
“The exploits will work out of the box,” Frielingsdorf said, adding that no specialized iOS expertise is required.
Google researchers share the same assessment, according to spokesperson Kimberly Samra. A security hobbyist known as matteyeux also reported successfully using the leaked samples to compromise an iPad mini running iOS 18.
Capabilities Of The DarkSword Spyware
Comments within the leaked code describe how the exploit operates. The tool is designed to extract sensitive data from compromised devices and transmit it to attacker-controlled servers over the internet.
The malware can access contacts, messages, call history, and data stored in the iOS keychain, including saved passwords. Additional references in the code describe post-exploitation steps, indicating how attackers can continue extracting data after initial access is gained.
Some code references suggest data may be routed through external websites, though the exact purpose remains unclear. Previous reporting has linked DarkSword to attacks by Russian government hackers targeting Ukrainian entities.
Scale Of Potential Exposure
DarkSword specifically targets devices running iOS 18 or earlier, according to prior analyses by iVerify, Google, and Lookout. Apple data indicates that about one-quarter of its more than 2.5 billion active devices are still on older operating systems, suggesting hundreds of millions of devices could be vulnerable.
Apple Response And Mitigation Measures
Apple said it is aware of the exploit affecting outdated devices. Spokesperson Sarah O’Rourke said the company released an emergency update on March 11 for devices unable to run newer versions of iOS.
Apple said devices running updated software are not at risk from the reported attacks. The company also noted that its Lockdown Mode feature can block these specific exploits.
A spokesperson for Microsoft did not respond to requests for comment regarding the code hosted on GitHub.
Related Discovery Of iPhone Exploit Tools
The emergence of DarkSword follows the recent discovery of another advanced iPhone hacking toolkit known as Coruna. That tool was reported to have been developed by L3Harris through its Trenchant division for government use.
Featured image credits: Needpix.com
For more stories like it, click the +Follow button at the top of this page to follow us.