Millions of iPhones have been hacked by hackers using the new DarkSword spyware

Google, along with two cybersecurity companies, is warning iPhone users about a new exploit that can steal data when the user simply visits a website on their iOS device.

DarkSword is a new hacking toolkit used by bad actors around the world. Reports from the Google Threat Intelligence Group and cybersecurity companies Lookout and iVerify detail several vulnerabilities used to attack iOS devices running versions 18.4 through 18.7.

According to Apple's developer website, about 25 percent of all iPhones are still on some version of iOS 18. Wired points out that this means there are likely hundreds of millions of iOS devices vulnerable to DarkSword.

What makes DarkSword so disturbing? Unlike malware, DarkSword does not need to be installed on the target’s device. The victim just needs to visit the infected website. From there, DarkSword steals personal or financial data. And unlike most spyware, DarkSword isn’t used for long-term espionage.

“Unlike many other previously reported cases of sophisticated attacks on mobile devices, DarkSword is not designed for continuous surveillance,” Lookout wrote in its report. “Once it has finished collecting and extracting targeted data, it deletes the files it created from the device’s file system and exits. Its time on the device can be a matter of minutes, depending on the amount of data it receives and extracts.”

Hackers using DarkSword take what they want from the victim in a short amount of time. Once the infected device is rebooted, the spyware is almost invisible on the device.

DarkSword can be used to exfiltrate all kinds of personal data from an iOS device to a malicious actor. Call logs, contacts, calendars, notes, photos, screenshots, location history, web browser history, signed-in account identities, device keys, SIM card information, Find My Phone settings, WiFi passwords, iCloud content, and more can be sent to a threat actor with this attack. iMessage data, email, WhatsApp data, Telegram data, and even cryptocurrency wallet details can also be stolen.

Another concern with DarkSword is the cleanup of the cybercrime scene afterward: there is none. The hackers who used DarkSword left the code behind for anyone to access and use. In addition, these hackers do not seem worried that its discovery will lead to the exploit being closed, which suggests they expect to be able to repeat similar attacks with new tools.

A Google report provides details on some of the attacks carried out with DarkSword. For example, an early November incident targeted users in Saudi Arabia through a Snapchat-themed website called Snapshare. To hide the malicious activity, the website sent visitors to Snapchat’s official site while infecting the device.

In the latest attacks, carried out this month, a group of hackers suspected of working with the Russian government, known as UNC6353, deployed DarkSword to target iPhone users in Ukraine. The group has somehow managed to compromise official Ukrainian news sites and official government websites to target its victims.

It is believed that this threat actor is also one of the actors found earlier this year using a separate but similar toolkit called Coruna. That hacking toolkit targeted older iOS devices that were still running iOS versions 13 to 17.
