Millions of iPhone users may be exposed to a new spyware campaign that spreads without downloads or warnings. Security researchers have identified a tool called Darksword that infects devices through compromised websites.
The attack shows how quickly mobile threats can scale when users delay updates. A single visit to the wrong page can be enough to compromise a device.
Darksword Exploits Outdated iOS Versions
Darksword relies on vulnerabilities found in older iOS versions released in 2025. The exploit chain allows attackers to execute malicious code directly through the browser. Users do not need to install apps or interact with files.
Researchers found the spyware embedded in dozens of legitimate websites, many of them based in Ukraine. Once a user visits an infected page, the attack runs automatically in the background.
Apple has already patched the vulnerabilities used in this campaign. However, the protection only works for devices running the latest updates.
Hundreds of Millions of Devices Remain at Risk
A large portion of iPhone users still run outdated software. Estimates suggest that over 200 million devices remain vulnerable to this exploit.
This scale turns Darksword into more than a targeted surveillance tool. It becomes a mass exploitation threat that can impact everyday users.
The spyware can collect sensitive data, including personal details and financial information. In some cases, attackers may also target cryptocurrency wallets stored on affected devices.
A Global Campaign With Multiple Actors
Researchers observed Darksword activity across several regions, including Europe, the Middle East, and parts of Asia. The spread suggests a coordinated effort rather than isolated attacks.
Some indicators point to commercial spyware vendors. Other elements resemble state-backed operations. This mix highlights how advanced tools are no longer limited to a single group.
The campaign also shares infrastructure with other recent iPhone exploits. This overlap suggests a growing ecosystem where attackers reuse and adapt existing tools.
Apple Blocks Threat, but Risk Remains
Apple responded by patching the exploited vulnerabilities and blocking known malicious domains. These steps limit the spread of the attack for updated devices.
However, unpatched devices remain exposed. The effectiveness of the response depends entirely on how quickly users install updates.
Attackers often rely on this delay. Even a short window can provide enough time to compromise large numbers of devices.
Mobile Threats Are Scaling Faster
Darksword reflects a broader shift in cyber threats. Advanced mobile exploits are no longer rare or highly targeted. They now appear in wider campaigns that aim for scale.
This change increases the risk for regular users. Attacks no longer focus only on high-profile targets. Anyone with an outdated device can become a victim.
Conclusion
The Darksword campaign shows how easily modern spyware can spread when security updates are ignored. A simple browsing session can turn into a full device compromise.
Keeping iOS updated remains the strongest defense. As attackers scale their operations, basic security habits play a bigger role than ever.

