Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Last week, cybersecurity researchers A hacking campaign targeting iPhone users has been revealed Which uses an advanced hacking tool called DarkSword. Now, someone has leaked a newer version of DarkSword and posted it on code sharing site GitHub.
Researchers warn that this would allow any hacker to easily use the tools to target iPhone users running older versions of Apple’s operating systems and who have not yet updated to the latest iOS 26 software. This could potentially affect hundreds of millions of iPhones and iPads in active use, according to Apple’s own data on older devices.
“That’s bad. It’s a very easy way to repurpose it,” Matthias Frelingsdorf, co-founder of mobile security startup iVerify, told TechCrunch on Monday. “I don’t think it’s possible to contain this anymore. “So we need to expect criminals and others to start spreading this.”
Frelingsdorf said these new versions of DarkSword spyware share the same infrastructure with the one he and his colleagues at iVerify made. It has been analyzed previouslyalthough the files are slightly different. The files uploaded to GitHub are uncomplicated, just HTML and JavaScript, meaning anyone can copy and paste them and host them on the server “in a few minutes to hours,” he said.
“The exploits will work outside the box,” Frelingsdorf said. “No iOS experience required.”
Kimberly Samra, Google spokesperson, who previously said He analyzed the DarkSword exploitHe said the company’s researchers agree with Frelingsdorf’s assessment.
Contact us
Do you have more information about Darksword, Coruna, or other government hacking and spyware tools? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, via Telegram, Keybase, Wire @lorenzofb, or By email.
A security enthusiast who goes by the handle Mattyeux also told TechCrunch that it’s really trivial to use the leaked DarkSword samples. Matteo books In a post on
TechCrunch event
San Francisco, California
|
October 13-15, 2026
Apple spokeswoman Sarah O’Rourke told TechCrunch that the company was aware of the exploit targeting devices running old and outdated operating systems, and issued an emergency update on March 11 for devices unable to run recent versions of iOS.
“Keeping your software up to date is the most important thing you can do to keep your Apple products secure,” O’Rourke said, adding that devices with up-to-date software were not at risk from these reported attacks, and that Lock mode It would also prevent these specific attacks.
A spokesperson for Microsoft, which owns GitHub, did not immediately respond to a request for comment.
The code, which TechCrunch is not linking to because it could be used in active attacks, contains several comments describing how the exploits work and how to implement them.
One comment, likely written by one of the developers who worked on DarkSword, says the exploit “reads and extracts forensically relevant files from iOS devices via HTTP,” referring to stealing information from someone’s iPhone or iPad and sending the data over the Internet to an attacker-controlled server.
“This payload must be injected into a process with a file system access class,” the comment said.
In one case, the code refers to “post-exploitation activity,” describing the process after malware gains access to a person’s phone and hijacks its contents, including contacts, messages, call history and iOS keychain, which stores Wi-Fi passwords and other secrets, and dumps them in a remote server.
Another file contained references to uploading data to a popular Ukrainian clothing website, although TechCrunch could not immediately determine the cause. It was DarkSword It is allegedly used by the Russian government Hackers against Ukrainian targets.
This spyware works specifically against iPhones and iPads running iOS 18, according to iVerify. Googleand I noticewhich also previously analyzed the DarkSword malware.
According to Apple’s own numbersAbout a quarter of iPhone and iPad users are still using iOS 18 or earlier on their devices. with More than 2.5 billion Active devices, which likely equates to hundreds of millions of people whose devices are vulnerable to DarkSword attacks.
That’s why Frielingsdorf recommends everyone upgrade their iPhone’s operating system.
The DarkSword discovery came just a few weeks after researchers discovered another advanced iPhone hacking toolkit Known as Corona. As reported by TechCrunch, Corona was originally developed By defense contractor L3Harris, whose Trenchant division manufactures hacking tools for the US government and its allies.