\n<\/p>\n
Last week, cybersecurity researchers uncovered a hacking campaign targeting iPhone users<\/a> that used an advanced hacking tool called DarkSword. Now, someone has leaked a newer version of DarkSword and published it on the code sharing site GitHub.<\/p>\n Researchers are warning that this will allow any hacker to easily use the tools to target iPhone users running older versions of Apple\u2019s operating systems who have not yet updated to its latest iOS 26 software. This likely affects hundreds of millions of actively used iPhones and iPads, according to Apple\u2019s own data on out-of-date devices.<\/p>\n \u201cThis is bad. They are way too easy to repurpose,\u201d Matthias Frielingsdorf, the co-founder of mobile security startup iVerify, told TechCrunch on Monday. \u201cI don\u2019t think that can be contained anymore. So we need to expect criminals and others to start deploying this.\u201d<\/p>\n Frielingsdorf said that these new versions of DarkSword spyware share the same infrastructure with the ones he and his iVerify colleagues analyzed previously<\/a>, although the files are slightly different. The files uploaded to GitHub are uncomplicated, just HTML and JavaScript, he said, meaning anyone can copy and paste them and host them on a server \u201cin a couple minutes to hours.\u201d<\/p>\n \u201cThe exploits will work out of the box,\u201d Frielingsdorf said. \u201cThere is no iOS expertise required.\u201d<\/p>\n Kimberly Samra, a spokesperson for Google, which previously analyzed the DarkSword exploit<\/a>, said the company\u2019s researchers agree with Frielingsdorf\u2019s assessment.\u00a0<\/p>\n \t\t\tDo you have more information about Darksword, Coruna, or other government hacking and spyware tools? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or by email<\/a>.<\/a> \t\t<\/div>\n A security hobbyist who goes by the handle matteyeux also told TechCrunch that it is indeed trivial to use the leaked DarkSword samples. Matteyeux wrote<\/a> in a post on X Monday that he was able to hack an iPad mini tablet running iOS 18, the previous generation of the operating system that is vulnerable to DarkSword, using the \u201cin the wild\u201d DarkSword sample that is circulating online.\u00a0<\/p>\n Techcrunch event<\/p>\n \n\t\t\t\t\t\t\t\t\tSan Francisco, CA<\/span> Apple spokesperson Sarah O\u2019Rourke told TechCrunch that the company was aware of the exploit targeting devices running older and out-of-date operating systems, and issued an emergency update on March 11 for devices unable to run recent versions of iOS.\u00a0<\/p>\n \u201cKeeping your software up to date is the single most important thing you can do to maintain the security of your Apple products,\u201d O\u2019Rourke said, adding that devices with updated software were not at risk from these reported attacks, and that Lockdown Mode<\/a> would also block these specific attacks.<\/p>\n A spokesperson for Microsoft, which owns GitHub, did not immediately respond to a request for comment.<\/p>\n The code, which TechCrunch is not linking to as it can be used in active attacks, contains several comments that describe how the exploits work and how to implement them.\u00a0<\/p>\n One comment, likely written by one of the developers who worked on DarkSword, says that the exploit \u201creads and exfiltrates forensically-relevant files from iOS devices via HTTP,\u201d referring to stealing information from a person\u2019s iPhone or iPad and sending the data over the internet to an attacker-controlled server.\u00a0<\/p>\n \u201cThis payload should be injected into a process with filesystem access class,\u201d the comment reads.<\/p>\n In one case, the code references \u201cpost-exploitation activity,\u201d and describes process after the malware has gained access to the person\u2019s phone and grabs its contents, including their contacts, messages, call history, and iOS keychain, which stores Wi-Fi passwords and other secrets, and dumps them into a remote server.<\/p>\n Another file contains references to uploading data to a popular Ukrainian apparel website, though TechCrunch could not immediately determine why. DarkSword was allegedly used by Russian government<\/a> hackers against Ukrainian targets.\u00a0<\/p>\n This particular spyware works specifically against iPhones and iPads running iOS 18, according to iVerify, Google<\/a>, and Lookout<\/a>, which also previously analyzed the DarkSword malware.<\/p>\n According to Apple\u2019s own numbers<\/a>, about one-quarter of all iPhone and iPad users are still running iOS 18 or earlier on their device. With more than 2.5 billion<\/a> active devices, that likely equates to hundreds of millions of people whose devices are vulnerable to DarkSword attacks.\u00a0\u00a0<\/p>\n That\u2019s why Frielingsdorf recommends everyone to upgrade their iPhone\u2019s operating system.\u00a0<\/p>\n The discovery of DarkSword came only a few weeks after researchers discovered another advanced iPhone hacking toolkit known as Coruna<\/a>. As TechCrunch reported, Coruna was originally developed<\/a> by the defense contractor L3Harris, whose Trenchant division makes hacking tools for the U.S. government and its allies.<\/p>\n<\/div>\nContact Us<\/h4>\n
\n\t\t\t\t\t\t\t\t\t\t\t\t\t|<\/span>
\n\t\t\t\t\t\t\t\t\t\t\t\t\tOctober 13-15, 2026<\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/div>\n