Apple Security Alert: Update Now to Block New DarkSword Hack

A widespread hacking campaign targeting Apple users who haven’t installed the latest software updates has been revealed by cybersecurity researchers. At the center of the issue is a tool called DarkSword, previously used by sophisticated hacking groups, which has now become publicly available.

“Listen up, given that this is important. If you have an iPhone or iPad, immediately make sure you’ve installed the latest update, because someone has just made the code for a dangerous attack public. Dangerous and extremely, very easy to carry out,” warns Piotr Konieczny on social media.

The primary concern is the tool’s simplicity. DarkSword is a collection of code fragments that exploit vulnerabilities in the operating system. This allows access to data on a device without the owner’s knowledge. Based on HTML and JavaScript files, even individuals with limited technical expertise can prepare an attack. In practice, simply copying the code and placing it on a server is enough to attempt to compromise devices.

However, this is not an amateur tool. According to analysts at Google and Lookout, the tool was previously used by hackers linked to Russian intelligence services (UNC6353) to conduct espionage operations, particularly in Ukraine. Fragments of code found in the leaked version also point to data being sent to a Ukrainian clothing store website, which was likely compromised and used as a command and control (C2) server.

The disclosure follows a similar incident earlier this month involving the Coruna exploit pack, created by L3Harris for the U.S. Government.

Once a successful attack is carried out, DarkSword quietly steals data from the device. The tool is designed for short-term surveillance operations focused on quick access, theft, and exit, rather than long-term monitoring like Pegasus. The report also indicates functionality for cryptocurrency theft.

After a successful attack, the tool can quietly seize the following from a device:

• Contacts,
• Messages,
• Call history,
• Data from the iOS Keychain, where passwords, such as Wi-Fi credentials and service logins, are stored.

DarkSword targets iOS 18 if the Lockdown Mode is not enabled on the device. Apple estimates that approximately 25% of users are still running iOS 18 or older, representing a significant number of potentially vulnerable devices. For older devices that no longer receive iOS updates, Apple released a security patch on March 11, 2026.

To reduce the risk, the following steps are crucial:

• Update your iPhone or iPad to the latest available version of iOS,
• Verify that your device supports iOS 26, and if not, ensure the March 11th patch is installed,
• Enable Lockdown Mode where possible.