A new iPhone malware called “Darksword” has raised serious concerns after researchers confirmed it can target devices running specific iOS versions released in 2025. The exploit has already appeared in multiple campaigns, and researchers say it can affect a massive number of iPhones that still run older software versions.
The malware spreads through compromised websites and silently targets users who visit them, allowing attackers to access sensitive data, including personal information and even cryptocurrency wallets. This discovery comes close behind another spyware called “Coruna,” which signals a growing pattern of advanced iPhone attacks appearing more frequently.
Researchers from Lookout, iVerify, and Google confirmed the findings and published coordinated reports on the malware. Justin Albrecht, principal researcher at Lookout, said, “There’s now a verified pipeline of recent exploits that have ended up in the hands of potentially criminal entities with a financial focus.”
Who is affected
Darksword targets iPhones running iOS versions 18.4 to 18.6.2, which Apple released between March and August 2025. These are not very old versions, which makes the risk more serious for users who delay updates.
Researchers estimate that around 220 million to 270 million iPhones still run these exposed versions. That number explains why the malware has the potential to impact hundreds of millions of devices worldwide.
Attackers placed the malware on dozens of websites, mainly linked to Ukraine, and used them to infect visitors’ devices. Google also found that different groups, including commercial vendors and suspected state-linked actors, used Darksword in campaigns across Saudi Arabia, Turkey, Malaysia, and Ukraine.
Rocky Cole, COO of iVerify, said, “They’re using them in mass attacks with poor operational security, that says a lot about how much they value these tools.”
Apple’s response
Apple said the attacks mainly target outdated software and confirmed that it has already fixed the vulnerabilities through recent updates. The company also blocked the malicious domains through Safari’s Safe Browsing feature.
“Keeping software up to date remains the single most important thing users can do to maintain the high security of their Apple devices,” an Apple spokesperson said.
The situation shows how fast iPhone threats are evolving, and users who ignore updates continue to remain at risk.
