- By Prateek Levi
- Thu, 19 Mar 2026 03:23 PM (IST)
- Source:JND
Researchers on Wednesday found out that a highly potent malware designed to infiltrate Apple iPhones and gain access to sensitive information had been put up on dozens of websites in Ukraine in recent weeks. This software exploit can potentially impact millions of devices. This makes it the second such instance in just a month where viruses targeting iPhones and other Apple devices have been discovered.
Together, the discoveries suggest that the market for advanced malware, including tools that can steal personal data and cryptocurrency wallet information, is growing quickly.
ALSO READ: Instagram Launches AI Voice Effects In DMs: Try Filters Like Chipmunk, Robot, And More In India
The latest threat, dubbed “Darksword,” was analyzed by teams at Lookout, iVerify, and Google. Earlier this month, Google and iVerify had already revealed another powerful spyware strain called “Coruna.” Researchers later found that Darksword was running on the same servers.
“There’s now a verified pipeline of recent exploits ... that have ended up in the hands of potentially criminal entities with a financial focus,” said Justin Albrecht, principal researcher at Lookout.
Google said it observed different groups using Darksword in separate campaigns targeting people in Saudi Arabia, Turkey, Malaysia, and Ukraine. Some of the activity in Turkey and Malaysia was linked to a surveillance company called PARS Defense, which did not respond to requests for comment.
According to iVerify and Lookout, the malware was delivered through compromised websites. iPhone users running iOS versions between 18.4 and 18.6.2 could be infected simply by visiting certain Ukrainian sites. Those versions were released between March and August 2025.
It’s still unclear how many devices are vulnerable. While Apple has patched the underlying issues in newer updates, many users have not installed them. Estimates suggest that between 220 million and 270 million iPhones may still be running exposed versions of iOS.
Apple said the attacks targeted “out-of-date software,” adding that the vulnerabilities have been fixed in more recent updates.
“Keeping software up to date remains the single most important thing users can do to maintain the high security of their Apple devices,” a company spokesperson said.
Apple also said the malicious websites identified by Google have been blocked in Safari using its Safe Browsing feature.
Experts say the back-to-back discovery of powerful iOS exploits points to a shift in the landscape.
“The fact that they don’t care if it gets burned, and that they’re using them in mass attacks with poor operational security, that says a lot about how much they value these tools,” said Rocky Cole, co-founder and COO of iVerify. “They’re not overly precious about them being exposed.”
Researchers also found that Darksword was hosted on the same servers used by suspected Russian operators behind the Coruna spyware, further linking the two campaigns.
(Includes Agency Inputs)