Organize your technology with one charging solution
Clear out your nightstand with a MagSafe charger that powers your iPhone, AirPods, and Apple Watch at the same time.
Researchers said Wednesday that a powerful software exploit capable of infiltrating and stealing information on potentially hundreds of millions of Apple AAPL.O iPhones has been planted on dozens of websites in Ukraine in recent weeks.
The discovery is the second time this month that researchers have discovered spyware targeting iPhones and other Apple devices. Taken together, the two hacking tools indicate a thriving market for advanced malware that can steal data and information from cryptocurrency wallets, the researchers said.
Researchers from cyber company Lookout, mobile security company iVerify, and Alphabet Inc.’s Google have published a joint analysis of a piece of malware they dubbed “Dark Sword.” On March 3, Google and iVerify revealed another powerful iPhone spyware called “Coruna.” Researchers discovered that Darksword was hosted on the same server.
“A validated pipeline of recent exploits exists that ended up in the hands of potential criminal organizations for financial gain,” said Lookout Principal Researcher Justin Albrecht.
According to iVerify and Lookout, researchers found malware being distributed to iPhone users running iOS versions 18.4 to 18.6.2 who visited one of dozens of websites in Ukraine. Apple released these versions between March and August 2025.
Researchers say it’s unclear how many iPhones are vulnerable to Darksword attacks. Apple has released multiple fixes for the underlying bug that attackers used to create Darksword. Despite this, many people do not install updates for their iPhones, and according to iVerify and Lookout, this number is based on public estimates, with an estimated 220 million to 270 million iPhones still running the released iOS version. Google did not release its findings ahead of Wednesday’s report.
Apple did not respond to a request for comment.
Rocky Cole, co-founder and chief operating officer of iVerify, said the two different and powerful iOS exploits discovered this month suggest a robust ecosystem of tools that have previously been largely limited to nation-state intelligence operations.
Researchers said they discovered the vulnerability because of a sloppy security mistake not often seen in nation-state iPhone hacks.
“The fact that they don’t care about the flames and are using them in large-scale attacks with poor[operational security]speaks to how much they value these tools,” Cole said. “They don’t really care that they get exposed.”
Researchers from iVerify and Lookout said in findings and interviews ahead of Wednesday’s release that they discovered Darksword on an internet server suspected of being used by Russian operators of Coruna.
Reporting by AJ Vicens in Detroit. Editing: Lisa Shoemaker
