New iPhone Hacking Threat, “DarkSword,” Exposes Millions to Data Theft
Cybersecurity professionals are raising serious concerns about a sophisticated new hacking campaign, dubbed “DarkSword,” that poses a significant risk to the personal data of millions of iPhone users. The campaign, detailed in a joint investigation by Google, cloud security company Lookout, and privacy platform iVerify, marks a concerning evolution in mobile malware.
The DarkSword attacks specifically target iPhones running iOS versions 18.4 through 18.6.2. Using a rapid “hit-and-run” strategy, these operations can steal sensitive personal information, including text messages, emails, and precise location history, in a matter of minutes. The method exploits vulnerabilities within Apple’s default browser, Safari, and a graphics processing feature known as WebGPU, which are leveraged to bypass the security measures that typically safeguard iPhones. Once access is gained, the stolen data is exfiltrated almost instantaneously and all traces of the intrusion are erased, which makes detection exceptionally difficult for both users and security experts.
The sheer scale of the potential impact is considerable. According to iVerify, approximately 14 percent of all iPhone users, equating to over 221 million devices, are currently running iOS versions susceptible to this threat. This figure could escalate even further, potentially reaching up to 270 million devices if older or newer iOS iterations are also found to be vulnerable.
A Shift Towards Financial Gain
This new wave of cyber threats marks a significant departure from previous trends. Justin Albrecht, global director of mobile threat intelligence at Lookout, noted, “DarkSword represents a notable shift that we’ve predicted for years. Advanced mobile malware has ceased to be a tool wielded solely by governments for espionage and is now in the hands of groups seeking financial gain.” This observation underscores a growing trend where sophisticated hacking tools are increasingly being weaponised for profit rather than state-sponsored intelligence gathering.
Suspected Origins and Global Reach
Security researchers have attributed the DarkSword threat to a Russian-linked threat actor known as UNC6353, a group initially identified by Google. Evidence suggests that this actor, along with other state-linked hackers, has deployed DarkSword in various regions, including Saudi Arabia, Turkey, Malaysia, and Ukraine.
In Ukraine, for instance, UNC6353 has been observed compromising local websites by injecting malicious scripts. Upon visiting these compromised sites, users unknowingly downloaded malware onto their computers, which then proceeded to steal their personal information, as detailed by Google’s investigation. This method highlights the deceptive tactics employed, turning seemingly legitimate web browsing into a gateway for cybercrime.
Apple was contacted for comment regarding these vulnerabilities but did not provide an immediate response. The company has previously told Reuters that device vulnerabilities have been addressed through a series of updates implemented over several years. The ongoing nature of these threats nonetheless suggests that the battle for digital security remains a dynamic and evolving challenge.
Key Aspects of the DarkSword Campaign:
- Targeted Devices: iPhones running iOS versions 18.4 through 18.6.2.
- Exploited Vulnerabilities: Weaknesses in Apple’s Safari browser and the WebGPU graphics feature.
- Method of Attack: A rapid “hit-and-run” technique designed for swift data exfiltration and evasion.
- Data Compromised: Includes text messages, emails, and location history.
- Detection Difficulty: Intruders erase all traces, making post-attack analysis challenging.
- Estimated Affected Devices: Over 221 million, with potential to rise.
- Suspected Actor: UNC6353, a Russian-linked threat group.
- Observed Regions: Saudi Arabia, Turkey, Malaysia, and Ukraine.
- Motivation: Primarily financial gain, a shift from espionage.





