Cybersecurity researchers have warned that a newly discovered hacking tool could leave hundreds of millions of iPhones vulnerable to silent data theft, with attacks already detected across several countries.
The threat, known as DarkSword, was uncovered by the Google Threat Intelligence Group, which says the malware allows attackers to break into iPhones and siphon off large volumes of personal information without users realising.
According to researchers, DarkSword links together six separate security flaws in iOS and Apple’s Safari browser.
The exploit can be triggered simply by visiting a malicious or compromised website, with no clicks or downloads required.
The affected devices are those running iOS versions 18.4 to 18.7, and once compromised, attackers can quietly install spyware and begin extracting data.
Security analysts say the tool is already being used in real-world attacks by commercial spyware vendors and state-backed groups.
Activity linked to DarkSword has been observed in Saudi Arabia, Turkey, Malaysia and Ukraine.
An Apple spokesperson said the exploits targeted outdated software and stressed that the underlying vulnerabilities have been fixed through multiple updates released over recent years.
“Keeping software up to date remains the single most important thing users can do to maintain the high security of their Apple devices,” the spokesperson said.
Experts advise users who believe they may be at higher risk, including journalists, activists and people handling sensitive information, to enable Apple’s Lockdown Mode via the Privacy & Security section of their device settings.
READ ALSO: UK Watchdog Bans ‘Irresponsible’ AI Advert for ‘Clothe-removing’ App
Coordinated technical analyses of DarkSword were published by researchers at Lookout, iVerify and Google.
The researchers found the exploit abuses lesser-known weaknesses deep within iOS and Safari to bypass security protections.
In some cases, attackers used fake websites or apps to lure victims, including a convincing imitation of Snapchat.
In others, legitimate websites, including a government site, were compromised and used to deliver the malware.
Once infected, a phone can be loaded with different spyware modules depending on the attacker’s objectives.
One variant, known as Ghostblade, is designed to harvest extensive personal data, including messages, call logs, contacts, photos, emails, passwords, location information and browsing history.
The spyware can also access communications from apps such as WhatsApp and Telegram, as well as files stored in iCloud.
Researchers say it actively searches for cryptocurrency apps and wallets, potentially exposing digital assets and financial data.
Unlike some long-term surveillance tools, Ghostblade quickly extracts the data it wants and then deletes itself, making detection far more difficult.
While the exact number of vulnerable devices is unknown, iVerify and Lookout estimate that between 220 million and 270 million iPhones worldwide may still be running exposed versions of iOS, based on public usage figures.