Malware - DarkSword Tool Exposes Millions of iPhones
Basically, a new hacking tool can steal data from many iPhones just by visiting a website.
A new hacking tool, DarkSword, is being used by Russian hackers to exploit vulnerabilities in older iPhones. Millions of users are at risk of data theft just by visiting compromised websites. Keeping software updated is crucial for protection against this sophisticated malware.
What Happened
Recently, a powerful iPhone hacking technique called DarkSword was discovered in the wild, primarily used by Russian hackers. This tool can silently compromise hundreds of millions of iPhones running older versions of iOS, particularly iOS 18. Researchers from Google and cybersecurity firms iVerify and Lookout revealed that DarkSword is embedded in compromised websites, allowing it to hack devices that visit these sites without any user interaction.
This alarming discovery follows closely on the heels of another sophisticated hacking toolkit, Coruna, also linked to Russian state-sponsored actors. While Coruna targets iOS versions 13 through 17, DarkSword exploits vulnerabilities in iOS 18, which still accounts for nearly a quarter of all iPhones in use. This means that a significant number of users are at risk of having their personal data stolen simply by browsing the web.
Who's Being Targeted
The primary targets of the DarkSword hacking campaign include users of older iPhones and those who have not updated their operating systems. Countries such as Turkey, Saudi Arabia, and Malaysia have already reported incidents where DarkSword was used to compromise the phones of specific individuals. The tool's ability to harvest sensitive information makes it particularly dangerous, as it can extract passwords, photos, and even cryptocurrency wallet credentials.
Experts warn that the indiscriminate nature of this attack method poses a serious threat to everyday users. Since DarkSword is easily accessible and documented, it invites other hackers to use it against unsuspecting victims. The fact that it is being employed by multiple hacking groups further complicates the situation, as it indicates a growing market for such exploits.
Signs of Infection
Detecting a DarkSword infection can be challenging due to its stealthy nature. Unlike traditional malware that leaves traces on the device, DarkSword uses a fileless approach, hijacking legitimate processes to steal data. This means that the malware does not persist after a device reboot, making it harder to identify.
Users should be vigilant for any unusual activity on their devices, such as unexpected messages or unauthorized access to accounts. Security apps from iVerify and Lookout can help detect if a phone has been compromised by DarkSword, providing an additional layer of protection for users.
How to Protect Yourself
To safeguard against DarkSword and similar threats, users are strongly advised to keep their iPhones updated with the latest software. Apple has released security updates that address vulnerabilities exploited by both DarkSword and Coruna. Enabling Lockdown Mode, a strict security setting, can also provide enhanced protection.
Here are some immediate actions users can take:
- Regularly check for software updates by navigating to Settings > General > Software Update.
- Enable Lockdown Mode for additional security.
- Use reputable security applications to monitor for potential threats.
By staying informed and proactive, users can significantly reduce their risk of falling victim to this emerging threat.
Ars Technica Security