Earlier this month, we reported on an exploit toolkit called Coruna that was targeting iPhone devices. Now, another sophisticated hacking toolkit, DarkSword, has been discovered. It was first uncovered last week, but according to TechCrunch, a newer version leaked on Monday on GitHub, the Microsoft-owned developer platform, making the tool more easily accessible to the public.

Security experts warn the leak dramatically lowers the barrier for hackers. The co-founder of iVerify, Matthias Frielingsdorf, whose company focuses on mobile security, described the situation in an interview with TechCrunch as “bad,” saying the tools are “way too easy to repurpose.” He also expressed concerns about how the hacking toolkit will spread, saying: “I don’t think that can be contained anymore. So we need to expect criminals and others to start deploying this.”

According to him, the files released on GitHub are mostly HTML and JavaScript, making it very easy for almost anyone to deploy the attack.

iPhones and iPads running older iOS versions, especially iOS 18, are most at risk of being attacked with DarkSword. “The exploits will work out of the box,” said Frielingsdorf. His analysis was corroborated by Google spokesperson Kimberly Samra, who spoke with TechCrunch and had analysed a previous DarkSword exploit.

The situation appears to get worse. According to TechCrunch, a security hobbyist going by the username matteyeux on X revealed to the publication that he grabbed the leaked files over the weekend and successfully hacked an iPad mini running iOS 18. The test demonstrated how easily someone with access to the tool could compromise vulnerable devices.

The leaked files contain the code used to carry out the exploit. Within the code itself are developer comments explaining how to steal a person’s contacts, messages, call history, and Wi-Fi passwords, and how to send the data to a remote server. One comment describes the code as something that “reads and exfiltrates forensically-relevant files from iOS devices.”

The files can be copied, hosted on a server, and weaponised “in a couple of minutes to hours,” according to Frielingsdorf. Millions of iPhone users could be exposed to these campaigns, as one in four iPhone users are still running older iOS versions, according to Apple.

Apple says it has already pushed out an emergency security update to help curtail the impact of the toolkit.

How to Stay Safe

Apple says that users should update their iOS to the latest version. Experts also recommend that users turn on automatic updates so they do not fall behind on important security patches.

Users who may be at higher risk of targeted attacks can enable Lockdown Mode. It is also wise to avoid clicking suspicious links that could trigger browser-based exploits and to regularly review app permissions and installed profiles on your device.
