Digital security researchers have revealed the existence of a sophisticated spying program, called “Darksword”, which has the ability to invade iPhones and steal a wide range of users’ personal information. The malicious tool was recently discovered on dozens of websites, predominantly on Ucrânia, and operates by exploiting security flaws present in older versions of the Apple operating system. Este incident raises an alert about the persistence of digital threats that directly target mobile devices, a vector increasingly targeted by cybercriminals and surveillance groups.
The discovery of Darksword was the result of an intensive collaboration between security experts from the renowned companies Lookout and iVerify, together with researchers from Google. Esta multinational partnership highlights the complexity and cross-border nature of current cyber threats, which require a joint effort to be identified and countered effectively.
Reports released last week detail the program’s ability to access sensitive data stored on phones, going beyond basic information to even include contents of digital cryptocurrency wallets. The potential loss of control over digital financial assets poses a significant and immediate risk to victims.
The attack is triggered when a user unsuspectingly navigates to certain websites that have been meticulously designed to exploit specific vulnerabilities in the iPhone system. Once access to these pages is granted, Darksword can be activated and then begin collecting device data silently and persistently, making detection a challenge for the average user.
Detection of Ferramentas from Espionagem Aumenta Preocupação
The identification of Darksword represents the second case of a spying program aimed at iPhones revealed this month, highlighting a worrying trend in the digital security scenario. At the beginning of March, researchers had already warned about the existence of another digital espionage tool, called “Coruna”, which also exploited similar flaws in the systems of Apple devices.
The emergence of two distinct tools in a short period suggests significant growth in the underground market for programs capable of hacking cell phones and stealing confidential information. Essa proliferation indicates that the development and commercialization of spyware is becoming increasingly sophisticated and accessible to different types of actors.
Justin Albrecht, researcher at Lookout, emphasized to Essa statement highlights the economic motivation behind many of these attacks, which seek profits through data theft, extortion or selling information on the black market.
Campaigns Globais and Conexões with Setor of Vigilância
Attack campaigns employing Darksword have been identified by Google researchers in several nations, including Arábia Saudita, Turquia, Malásia, and Ucrânia. The geographic breadth of the attacks demonstrates the global nature of cyber threats and the ability of these programs to reach targets in different regions of the world, regardless of physical or political barriers.
Additionally, some of these operations were associated with a commercial surveillance technology provider known as PARS Defense, based at Turquia. Essa connection suggests that tools originally developed for intelligence or government security purposes may have been leaked or sold to other groups, including criminal entities or state-sponsored hackers with different agendas. A empresa em questão não se pronunciou sobre as acusações.
The experts also found that the Darksword program was distributed mainly to users who had versions of the iOS operating system between 18.4 and 18.6.2, released between March and August of last year. Essa particularity indicates that the spyware developers focused on a specific range of vulnerabilities that were exploited before Apple could fix them in subsequent updates, maximizing the window of opportunity for attacks.
Millions of iPhones Vulneráveis and Ações from Apple
There is still no exact number of devices that may have been compromised, but estimates based on public data indicate that between 220 million and 270 million iPhones still operate with versions of the system that are susceptible to these exploits. Este alarming number, provided by iVerify and Lookout, underscores the urgency for users to act proactively to protect their devices.
Apple, in turn, guaranteed that the security flaws used in these attacks have already been properly corrected in more recent operating system updates. Segundo the company, users who keep their iPhones with updated software are already protected against this specific type of exploitation. The company emphasizes the importance of keeping operating systems always up to date to mitigate security risks.
In a statement released on Thursday (19), Apple reiterated that the identified attacks exploited old versions of iOS through malicious content circulated on the internet, such as suspicious links or compromised websites. The company said it investigated the incidents and promptly released the necessary security updates to fix the vulnerabilities as soon as they were discovered, reinforcing its commitment to user protection.
Measurements Essenciais from Proteção to Usuário
The company reinforces that keeping the system updated is the main and most effective measure that users can take to protect their data against these and other threats. Aparelhos with recent versions of iOS were not affected by these attacks, and the Safari browser also received improvements to automatically block email addresses used in identified campaigns more efficiently.
Apple also provided clear guidance for those who have not yet updated their device, highlighting that devices with the most recent and updated versions of iOS, from iOS 15 to iOS 26, are already protected. Para older devices that are unable to install the latest versions, a software update for iOS 15 and iOS 16 was released on March 11, 2026, with the aim of expanding protection.
iPhone users running iOS 13 or iOS 14 must update to iOS 15 to receive these critical protections. Além In addition, these devices will receive, in the coming days, an additional alert for the installation of a Atualização Crítica of Segurança. The Apple Safe Browsing system, integrated into the Safari browser and enabled by default, plays a key role in blocking known malicious internet domains identified in these attack waves.
It is crucial that users act quickly to ensure the security of their data by following Apple recommendations. Para those who, for whatever reason, cannot update their devices to the latest versions of iOS, activating Modo from Bloqueio (Lockdown