Over 220 million iPhones attacked by new DarkSword exploit – how to stay safe
Researchers discovered a new exploit for iOS, called “DarkSword”, which was used to steal saved passwords, data of cryptocurrency applications and more. Fortunately, you may be able to avoid it.
DarkSword targets iPhones running older versions of iOS, specifically iOS 18.4 through iOS 18.7. Apparently, it was leaked to many malicious players.
The article continues below
In total, DarkSword exploits six vulnerabilities tracked as: CVE-2025-31277, CVE-2025-43529, CVE-2026-20700, CVE-2025-14174, CVE-2025-43510, and CVE-3520-4. It has been used since November 2025 by many bad actors who have used it as three different families of the “GHOST” malware.
Ghostblade is a dataminer that stole a gamut of information from crypto data to browser history, photos and emails. Ghostknife was used to access logged in accounts, messages and location history. While Ghostsaber is used to crack code and steal data.
“This malware is very sophisticated and appears to be a well-designed platform that allows rapid development of modules with access to a high-level programming language,” Lookout said. “This extra step shows the significant effort that went into the design of this malware with thoughts about maintainability, long-term development and scalability.”
This malware is very sophisticated and appears to be a well-designed platform that allows rapid development of modules.
Lookout researchers
The attack had a global impact hitting iPhone owners in Saudia Arabia, Ukraine and Malaysia according to reports. This exploit was delivered via a Sandbox exploit using compromised websites, although it is unclear how the sites themselves were compromised.
Based on this Stat Counter chart and statistics from Apptunix, it is estimated that about 220 million devices are affected, or about 14% of all iOS users.
According to iVerify, all the flaws used in DarkSword have apparently been resolved by Apple in the latest iOS release.
How to stay safe
Simply, update your iPhone.
If your device can run iOS 26.3.1 (the most recent iOS update), you should upgrade to that version. If not, see if you can at least update to iOS 18.7.6, which seems safe according to iVerify.
iVerify’s research suggests that only iOS 18.7 and iOS 26.3 versions are safe, meaning that even versions earlier than iOS 26 may be usable.
For older iPhones that can run iOS 18 but not iOS 26, Apple can release fixes as it has done in the past, but it is not yet confirmed that Apple will do so in this case.
For now, turn on Lockdown Mode, which is available since iOS 16 and is designed to give you more protection against advanced cyber attacks.
Unfortunately, there’s no iOS equivalent of the best Android antivirus apps, but one of the best Mac software can scan an iPhone or iPad for spyware and other malware. Connecting your iPhone to a Mac allows Intego’s Mac antivirus to check for viruses.
We don’t see iPhone exploits all that much but when we do, it’s usually more sophisticated and increases the risk as we’ve seen here with DarkSword. Given how much valuable data is stored on the best iPhones, it won’t be long until we see a similar exploit doing the rounds on the Internet.
Follow up Tom’s Guide to Google News again add us as a favorite resource to get our latest news, analysis, and reviews in your feed.
