DarkSword is designed to extract sensitive data from older, unpatched smartphones.
DarkSword used Safari, GPU, and kernel exploits to move from a website visit to full iPhone compromise.
Cybersecurity researchers recently warned of a growing threat targeting older iPhone models. This threat, which was previously linked to targeted attacks, seems to have escalated after a more advanced version of the DarkSword hacking toolkit was leaked online. It is now available on public code-sharing platforms like GitHub, potentially making it significantly easier for threat actors to exploit vulnerabilities in older Apple devices.
According to iVerify researchers, the updated version of DarkSword has been uploaded to GitHub, making it easier to access and deploy. The spyware is said to target several iPhone and iPad models running older versions of iOS, particularly iOS 18. The toolkit was still available on the platform at the time of publishing this story.
In a conversation with TechCrunch, Matthias Frielingsdorf, Co-Founder of iVerify, said that the updated versions of DarkSword share the same infrastructure as the original exploit. iVerify was one of the security firms that originally discovered the hacking campaign, alongside Lookout and Google Threat Intelligence Group (GTIG).
The code is said to consist of relatively basic HTML and JavaScript files, which can be hosted on a server within minutes. This potentially allows attackers to create malicious webpages designed to compromise vulnerable devices.
A security researcher also reportedly claimed to have successfully utilised the publicly available version of the exploit to compromise an iPad mini running iOS 18. This indicates that the attack can potentially be executed by threat actors without requiring advanced technical expertise.
Apple said it is aware of the exploit affecting devices running older and outdated operating systems. The company recently released an emergency update to address vulnerabilities on devices that cannot be upgraded to the latest iOS versions. As per the iPhone maker, devices with Lockdown Mode enabled are also protected from these specific attacks, even on out-of-date software.
However, the tech giant reiterated that such devices should also be updated to the latest iOS version as soon as possible.
The DarkSword spyware is an iOS full-chain exploit that leveraged multiple zero-day vulnerabilities (flaws with no patch available when they were first exploited) to completely compromise devices. Now available as a toolkit on code-sharing platforms, it links together several bugs to move from a web page to full control of the phone.
DarkSword is designed to extract sensitive data from compromised devices, as per security researchers. It can access contacts, messages, call history, and data stored in the iOS Keychain, including passwords and other credentials, and transmit this information to attacker-controlled servers.
Researchers note that comments within the leaked source code describe the operation of the exploit in detail, including specific instructions for exfiltrating data across the internet. In certain instances, the code is said to reference post-exploitation activities, outlining the processes for collecting and remotely transmitting data once a device has been compromised.