Time to Update Your Phone: Darksword Spyware Is Targeting Unpatched iPhones

If you haven't updated your iPhone lately, now would be a really good time to do that.

Researchers just uncovered a sophisticated piece of malware called "Darksword" that was planted on dozens of websites in Ukraine and designed to penetrate iPhones and steal data — including cryptocurrency wallet information. The exploit was capable of hitting any iPhone running iOS versions 18.4 through 18.6.2, which Apple released between March and August of 2025.

Here's the part that should get your attention. An estimated 220 to 270 million iPhones are still running those exposed versions because people don't update their phones. That's not a small number.

Researchers from cybersecurity firms Lookout and iVerify, along with Google, published coordinated findings on the malware Wednesday. Apple has not responded so far.

This Is the Second One This Month

Darksword isn't even the first major iPhone spyware story in March. On March 3, Google and iVerify revealed a separate powerful exploit called "Coruna." Researchers then found Darksword sitting on the same servers that suspected Russian operators of Coruna were using.

Two distinct, sophisticated iPhone exploits discovered within weeks of each other, both apparently in the hands of financially motivated criminal actors. That's not a coincidence — that's a market.

"There's now a verified pipeline of recent exploits that have ended up in the hands of potentially criminal entities with a financial focus," said Justin Albrecht, principal researcher with Lookout.

Tools like these used to be reserved almost exclusively for state-level intelligence operations. Governments spent enormous resources developing them and guarded them carefully. What's changed is that these exploits are now showing up in mass attacks run sloppily, with little effort to hide them.

"The fact that they don't care if it gets burned, and that they're using them in mass attacks with poor operational security — that says a lot about how much they value these tools," said Rocky Cole, co-founder and COO of iVerify. "They're not overly precious about them being exposed."

In other words, whoever is running these attacks isn't worried about getting caught because access to these tools isn't as scarce as it used to be.

What Darksword Actually Does

The malware was delivered to iPhone users who visited any of dozens of compromised Ukrainian websites — the kind of attack researchers call a "watering hole," where you don't go after individual targets directly, you just poison places people are already going and wait.

Once on a device, Darksword is built to steal data and drain cryptocurrency wallets. The financial motive is front and center here, which tracks with the broader shift researchers are seeing in sophisticated mobile malware.

Apple has released patches for the underlying vulnerabilities Darksword exploits. The problem is that patches only work if people install them, and a few hundred million iPhone users haven't.

What You Should Do

Go to your settings and update your iPhone. That's it. That's the whole fix for most people. Apple has already addressed the bugs that make Darksword work — you just need to actually download the update.

If your phone is sitting on iOS 18.4 through 18.6.2 and you've been visiting Ukrainian news or other websites in that region recently, it's worth having your device checked by a mobile security tool as well.

The spyware market is growing, the tools are getting cheaper to access, and the targets are getting broader. Keeping your software current isn't foolproof, but it closes the door on a whole category of attacks that are actively circulating right now.

Curious for more stories that keep you informed and entertained? From the latest headlines to everyday insights, YourLifeBuzz has more to explore. Dive into what’s next.