Malaysia amongst nations focused by highly effective iPhone adware ‘Darksword’, researchers warn

SAN FRANCISCO, March 19 — A strong software program exploit able to penetrating and stealing info from probably tons of of tens of millions of Apple iPhones was planted on dozens of internet sites in Ukraine in current weeks, researchers stated yesterday.

The discovery marks the second time this month that researchers have discovered adware focusing on iPhones and different Apple units. Together, the 2 hacking instruments present that the marketplace for subtle malware able to stealing information and cryptocurrency pockets info is flourishing, researchers stated.

Researchers with cyber agency Lookout, cell safety agency iVerify and Alphabet’s Google printed coordinated analyses of the malware they dubbed “Darksword.” On March 3, Google and iVerify revealed a separate highly effective iPhone adware referred to as “Coruna.” Researchers discovered Darksword hosted on the identical servers.

“There’s now a verified pipeline of recent exploits … that have ended up in the hands of potentially criminal entities with a financial focus,” stated Justin Albrecht, principal researcher with Lookout.

Google flags wide-ranging hacking campaigns

Google stated its researchers noticed a number of industrial distributors and suspected state-linked hackers utilizing Darksword in distinct campaigns in opposition to targets in Saudi Arabia, Turkey, Malaysia and Ukraine.

The campaigns in Malaysia and Turkey had been related to Turkish industrial surveillance vendor PARS Defense, Google stated. PARS Defense didn’t reply to a request for remark.

According to iVerify and Lookout, researchers found the malware being delivered to iPhone customers working iOS variations 18.4 to 18.6.2 who visited one in every of dozens of Ukrainian web sites. Apple launched these variations between March and August 2025.

It’s not clear what number of iPhones are susceptible to Darksword assaults, the researchers stated. Apple has launched a number of fixes for the underlying bugs attackers used to make Darksword. Nevertheless, many individuals don’t set up iPhone updates, and an estimated 220 million to 270 million iPhones nonetheless run uncovered iOS variations, in line with iVerify and Lookout, which based mostly the figures on public estimates. Google didn’t share its findings forward of yesterday’s report.

An Apple spokesman stated the exploits focused “out-of-date software,” and that the underlying vulnerabilities have been addressed throughout a number of updates over the past a number of years for customers working the newest variations of their units’ working programs.

“Keeping software up to date remains the single most important thing users can do to maintain the high security of their Apple devices,” the spokesperson stated.

Additionally, all malicious domains recognized by Google are blocked by Apple Safe Browsing within the Safari net browser to forestall additional exploitation, the spokesperson stated.

The discovery of two distinct highly effective iOS exploits this month suggests a strong ecosystem for instruments that had been beforehand restricted primarily to state-level intelligence operations, stated Rocky Cole, co-founder and COO of iVerify.

Researchers stated they found the vulnerabilities due to sloppy safety errors not frequent in state-linked iPhone hacking.

“The fact that they don’t care if it gets burned, and that they’re using them in mass attacks with poor (operational security), that says a lot about how much they value these tools,” Cole stated. “They’re not overly precious about them being exposed.”

Darksword was discovered on the web servers that suspected Russian operators of Coruna used, researchers with iVerify and Lookout stated in findings and interviews forward of yesterday’s launch. — Reuters