Piece of news of the day

ADVANCED SECURITY EUROPA EOOD

Unveiling DarkSword: The Sophisticated iOS Exploit Kit Used by Multiple Threat Actors

Mar 19, 2026

A new exploit kit for Apple iOS devices, called DarkSword, has recently been discovered; various threat actors have used it since November 2025.
The exploit kit targets iPhones running iOS versions 18.4 to 18.7 and is used by suspected state-sponsored actors and commercial surveillance vendors in campaigns targeting countries like Saudi Arabia, Turkey, Malaysia, and Ukraine.
The kit aims to steal sensitive data, particularly from crypto wallet apps.
DarkSword uses multiple vulnerabilities to gain access to a victim's device and exfiltrate data within seconds.
The exploit chain has been linked to a suspected Russian espionage group named UNC6353, which has also used a similar exploit kit called Coruna.
DarkSword leverages JavaScript vulnerabilities to execute code and access privileged areas of the device for data harvesting.
The malware is designed for quick data exfiltration without persistent surveillance.
UNC6353, UNC6748, and PARS Defense are among the threat actors associated with DarkSword; they target users in various countries with different malicious payloads.
The use of DarkSword in watering hole attacks on compromised websites raises concerns about the accessibility of high-quality iOS exploit chains to various threat actors.
These events highlight the importance of addressing the market for iOS exploits and the risks posed to devices running older iOS versions.
