Calling all iPhone owners: Cybersecurity researchers from the Google Threat Intelligence Group and two cybersecurity firms, Lookout and iVerify, have identified a new hacking toolkit that makes data of iPhone owners vulnerable. The toolkit, called DarkSword, isn’t like other spyware and malware. This is what you need to know — and the easy fix you can do now to stay safe.
DarkSword doesn’t use phishing texts or emails, nor does it require you to download suspicious apps to let hackers into your device. It operates through a “watering hole attack,” Christoph Hebeisen, Lookout’s director of security intelligence research, told CNET. Hackers create infected websites, including ones made to look like Snapchat and government contractor sites.
“As a result, such attacks are not only stealthier but also more capable with respect to what data they can access on the device,” said Hebeisen.
After you’ve browsed those sites, the spyware can be activated and your information is at risk. DarkSword isn’t designed for ongoing surveillance but can access a variety of data, including your messages, iCloud content and even crypto wallets.
So far, the attacks have been limited to people outside the US, specifically in Saudi Arabia, Turkey, Malaysia and Ukraine, according to Google. But the spyware has been made publicly available on GitHub, first spotted by TechCrunch. That means it will be much easier for any number of bad actors to deploy it.
“Public availability of this kit is extremely worrisome given the high number of remaining active vulnerable devices,” Hebeisen said. DarkSword was created to be adaptable to different uses, for developers and vibe-coders alike. “Opportunistic attacks using this exploit kit appear very likely.”
Researchers found that vulnerable phones were running versions of last year’s software, including iOS 18.4 through 18.7. That isn’t every phone, but as Apple’s own data confirms, about one-fifth of iPhone owners are still running iOS 18, leaving potentially millions of people vulnerable.
Google said it was being used by “multiple commercial surveillance vendors and suspected state-sponsored actors” and that it reached out to Apple in late 2025 with its findings. In a support page published March 19, Apple said: “We thoroughly investigated these issues as they were found and released software updates as quickly as possible for the most recent operating system versions to address vulnerabilities and disrupt such attacks.”
DarkSword spyware reports are scary, but basic iOS software hygiene can go a long way to keep your data safe. Here’s what iPhone owners need to do now to stay safe.
Keep your iPhone software updated
While Apple has applied fixes behind the scenes, you still need to take action to ensure your iPhone is safe. There’s an easy but necessary step to keep your phone secure from external threats: Update your iOS software.
“I always recommend people update their iPhone to the latest iOS software as soon as they can,” CNET expert Zachary McAuliffe said. “Updates usually include new features, but more importantly, they often patch security issues. Delaying an update means malicious actors could exploit a vulnerability on your iPhone, putting your personal data and system security at risk.”
Apple said people who have kept their phone software up to date are already protected. Google said iOS 26.3, the latest software update, includes fixes to prevent DarkSword attacks, as do previous updates. And iOS 26.3.1 (a), a minor security-centric update to the main software, was released on Wednesday.
To update your iPhone software, go to Settings > General > Software Update. If an update is available, it will prompt you to download and install it. Some older iPhone models may not be able to run iOS 26. Check our guide to see if your iPhone can.
If you’re not eligible for iOS 26, Apple urges iPhone users to update their software to at least iOS 15, which has protection for older iPhones. The company also says you can consider enabling Lockdown Mode to protect against malicious web content and other threats.
Read the full article here
