Last week, cybersecurity researchers revealed a hacking campaign targeting iPhone users that used an advanced hacking tool called DarkSword. Now someone has leaked a newer version of DarkSword and published it on the code-sharing website GitHub.
Researchers warn that this allows any hacker to easily use the tools to target iPhone users who are running older versions of Apple’s operating systems and have not yet updated to its latest iOS 26 software. According to Apple’s data on out-of-date devices, this will likely affect hundreds of millions of iPhones and iPads in active use.
“It’s bad. It’s very easy to reassign them,” Matthias Frielingsdorf, co-founder of mobile security startup iVerify, told TechCrunch on Monday. “I don’t think it can be prevented anymore. So we have to wait for criminals and others to start enforcing it.”
Frielingsdorf said these new versions of the DarkSword spyware share the same infrastructure as the ones he and his iVerify colleagues analyzed before, although the files are slightly different. The files uploaded to GitHub are simple, just HTML and JavaScript, he said, and anyone can put them on a server in “a few minutes to a few hours.”
“Exploits will come out of the box,” Frielingsdorf said. “No iOS experience required.”
Kimberly Samra, a spokeswoman for Google, which earlier analyzed the DarkSword exploit, said the company’s researchers agreed with Frielingsdorf’s assessment.
A security enthusiast who goes by Matteyeux also told TechCrunch that using the leaked DarkSword samples was pointless. Matteyeux said in a post on X on Monday that he was able to jailbreak an iPad mini tablet running iOS 18, the previous generation of the operating system, which is vulnerable to DarkSword, using an “in the wild” DarkSword sample circulating online.
Apple spokeswoman Sarah O’Rourke told TechCrunch that the company is aware of the exploit targeting devices running older and outdated operating systems, and released an emergency update on March 11 for devices unable to run the latest versions of iOS.
O’Rourke said devices with updated software are not at risk from these reported attacks, adding, “Keeping your software up-to-date is the most important thing you can do to protect the security of your Apple products.” Lockdown Mode will also prevent these particular attacks.
A spokesperson for Microsoft, which owns GitHub, did not immediately respond to a request for comment.
The code, which TechCrunch is not linking to because it could be used in active attacks, has several comments that describe how the exploits work and how to implement them.
The exploit “reads and extracts forensically relevant files from iOS devices via HTTP,” referring to stealing data from a person’s iPhone or iPad and sending the data over the Internet to a server controlled by the attacker, according to a comment apparently written by one of the developers working on DarkSword.
“This payload must be included in a process with a file system access class,” the comment reads.
In one case, the code refers to “post-exploitation activity” and describes the process after malware gains access to a person’s phone and grabs its contents, including their contacts, messages, call history and iOS keychain, which stores Wi-Fi passwords and other secrets, and dumps them on a remote server.
Another file contained references to uploading data to a popular Ukrainian clothing website, though TechCrunch could not immediately determine why. DarkSword is claimed to have been used by Russian government hackers against Ukrainian targets.
According to iVerify, this particular spyware works against iPhones and iPads running iOS 18. Google and Watchman also previously analyzed the DarkSword malware.
According to Apple’s own figures, nearly a quarter of all iPhone and iPad users are still running iOS 18 or earlier on their device. With more than 2.5 billion active devices, that equates to hundreds of millions of users whose devices are vulnerable to DarkSword attacks.
That’s why Frielingsdorf recommends everyone upgrade their iPhone operating system.
DarkSword’s discovery comes just weeks after researchers discovered another advanced iPhone hacking toolkit, known as Coruna. TechCrunch reports that Coruna was first developed by Trenchant, a division of L3Harris, a defense contractor that develops hacking tools for the US government and its allies.





