Technology News
English Edition

Rare iPhone Spyware Can Infect Devices With a Single Website Visit, Researchers Say

Researchers say DarkSword can hack an iPhone through Safari after a single visit to a compromised website.

Written by Akash Dutta, Edited by Ketan Pratap | Updated: 19 March 2026 13:42 IST
Rare iPhone Spyware Can Infect Devices With a Single Website Visit, Researchers Say

Photo Credit: Unsplash/Norwood Themes

DarkSword used Safari, GPU, and kernel exploits to move from a website visit to full iPhone compromise

Click Here to Add Gadgets360 As A Trusted Source As A Preferred Source On Google
Highlights
  • Google says DarkSword used multiple iOS flaws in one exploit chain
  • The spyware was designed to steal messages, passwords, and photos
  • Apple is said to have patched the bugs across several iOS releases
Advertisement

A newly documented iPhone spyware tool is said to compromise a device simply through a visit to a hacked website. As per security researchers, the toolkit, dubbed DarkSword, was used in campaigns targeting people in Ukraine and relies on a chain of exploits that lets attackers break into Safari, escape its security layers, gain deeper access to iOS, steal data, and then remove themselves within minutes. The spyware is said to only target iPhones running specific versions of iOS 18. Apple is said to have patched the vulnerabilities.

New Dangerous iPhone Spyware Discovered

Google Threat Intelligence Group (GTIG), in partnership with Lookout and iVerify, identified a new iOS full-chain exploit which leveraged multiple zero-day (undiscovered) vulnerabilities to completely compromise devices. Notably, a full-chain exploit means the toolkit links together several bugs to move from a web page to full control of the phone.

In this case, the attack starts in JavaScriptCore, the engine used by Safari and WebKit to run website code. From there, the attackers break out of Safari's sandbox, a security boundary meant to isolate risky web content. It first infects the GPU process and then moves into a more privileged iOS system service called mediaplaybackd. Finally, the chain uses kernel flaws to raise privileges even further and deploy the spyware payload.

Google said the chain used multiple vulnerabilities across Apple's software stack, including memory corruption bugs in JavaScriptCore, a flaw in ANGLE used by Safari's graphics handling, and kernel issues in XNU, the core of iOS. Some of those flaws were exploited as zero-days, meaning attackers used them before fixes were publicly available. The researchers say the relevant fixes were shipped by Apple across iOS 18.6, 18.7.2, 18.7.3, 26.1, 26.2, and 26.3, depending on the bug.

The attack is described as a watering hole campaign. That means attackers compromised websites that their targets were likely to visit, then used those sites to deliver the exploit. Google claimed a suspected Russian espionage group, UNC6353, used DarkSword in watering hole attacks on Ukrainian websites, while TechCrunch reported that the malware was designed to infect anyone who visited certain Ukrainian sites from within the country.

As per the publication, DarkSword was built to steal passwords, photos, browser history, and messages from apps, including WhatsApp and Telegram, along with SMS texts. Researchers also found code aimed at cryptocurrency wallet apps; however, it cannot be said for sure that the main objective behind spreading the spyware was financial gain.

Unlike spyware built for long-term surveillance, DarkSword appears to be designed for a quick smash-and-grab operation. Researchers said its dwell time on a device was likely measured in minutes, just long enough to collect and send data out before disappearing. GTIG also shared code snippets showing efforts to delete crash logs, which would make the intrusion harder to spot.

While it is not easy to block the spyware's attempt to break into a device after it has already been infected, users can minimise the chances of infection by avoiding unfamiliar or high-risk websites, especially in conflict-related or politically sensitive contexts. As per GTIG, the hacker group behind the spyware has also deployed the exploit chain in Saudi Arabia, Turkey, and Malaysia. The total number of infected devices is difficult to gauge.

Comments

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: iPhone hacking, iOS 18, Spyware, cybersecurity, Hacking
Akash Dutta
Akash Dutta
Akash Dutta is a Chief Sub Editor at Gadgets 360. He is particularly interested in the social impact of technological developments and loves reading about emerging fields such as AI, metaverse, and fediverse. In his free time, he can be seen supporting his favourite football club - Chelsea, watching movies and anime, and sharing passionate opinions on food. More
OnePlus Nord Buds 4 Pro Launched in India With Up to 55dB ANC, Up to 54 Hours of Total Playback Time: Price, Features

Related Stories

Rare iPhone Spyware Can Infect Devices With a Single Website Visit, Researchers Say
Comment
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News
Turbo Read

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi

Advertisement

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Realme P4 Lite 5G Launched in India With These Specifications
  2. OnePlus Nord 6 Could Launch in India at This Price
  3. iQOO Z11, iQOO Z11x to Launch in China On This Date
  4. Huawei MatePad SE 11 Set to Launch at This Price in India
  5. Marshall Bromley 450 Launched in India With Up to 40-Hour Battery Life
  6. Here's When the Vivo X300 Ultra and Vivo X300s Will Be Launched
  7. OnePlus 15T Will be Launched With These Two Gaming-Focused Features
  8. Oppo Find X9s Pro Gets Certification in China, Hinting at Imminent Launch
  9. Poco X8 Pro vs OnePlus Nord 5 vs Realme 16 Pro 5G: Price in India, Features Compared
  10. OnePlus Nord Buds 4 Pro Launched in India With ANC, Up to 54 Hours of Total Playback Time
#Latest Stories
  1. Instagram Rolls Out Tap-to-Pause Feature for Reels With More Control Over Playback
  2. Seetha Payanam Now Streaming on OTT: Where to Watch Arjun Sarja’s Romantic Road Trip Drama
  3. Circle Urges UK to Blend MiCA Clarity With US Stablecoin Rules
  4. OnePlus 15T Confirmed to Launch With Next-Gen Gaming Kernel, Same G2 Wi-Fi Chip as OnePlus 15
  5. OnePlus Watch 4 Reportedly Visits Certification Database Hinting at an Imminent Launch
  6. Lenovo Legion Y700 Gen 5 Gaming Tablet Launched With Snapdragon 8 Elite Gen 5 SoC, 9,000mAh Battery: Price, Features
  7. Kaattaan OTT Release Date Revealed: Know When and Where to Watch Vijay Sethupathi’s Upcoming Thriller Series
  8. Google Pixel Users Report Freezing Issues on Lock Screen, Always-On Display Following March Update
  9. Rare iPhone Spyware Can Infect Devices With a Single Website Visit, Researchers Say
  10. All the Empty Rooms Now Available for Streaming Online: What You Need to Know
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.
Trending Products »
Latest Tech News »