iPhone Hacking Tool Circulates on the Internet: Take These Steps Immediately

A major threat looms over hundreds of millions of iPhone and iPad users worldwide who do not regularly update their iOS. This is because a hacking tool named DarkSword has leaked to the public and can be used by anyone, even without special technical expertise.

Cybersecurity researchers have revealed that the latest version of DarkSword has been uploaded to GitHub, making the tool highly accessible and reusable for attacking Apple devices that have not been updated.

The primary targets are iPhone and iPad users still running older operating systems such as iOS 18 and have not updated to iOS 26.

“This is bad. The tool is too easy to reuse,” said iVerify founder Matthias Frielingsdorf, quoted from TechCrunch on Thursday (26/3/2026). “I’m not sure this can be contained anymore,” he added.

According to him, the circulating DarkSword code is very simple because it is based solely on HTML and JavaScript. This means anyone can copy and run it on a server in a short time.

“This exploit can be used directly. No special iOS expertise is required,” he emphasised.

The dangers of DarkSword are no joke. Once it successfully breaches a device, this malware can steal various sensitive user data, from contacts, messages, call history, to the iOS keychain that stores Wi-Fi passwords and other secret data.

That data is then sent to a server controlled by hackers.

Google researchers have also confirmed that this threat is real and aligns with previous findings. Even an independent researcher claims to have successfully hacked an iPad mini running iOS 18 using a leaked DarkSword sample from the internet.

Apple itself has acknowledged the existence of this vulnerability and released an emergency update on 11 March, specifically for devices that cannot run the latest iOS version.

“Updating your software is the most important step to keep your Apple products secure,” said Apple spokesperson Sarah O’Rourke.

Apple emphasised that devices that have already been updated are not affected by this attack, and the Lockdown Mode feature can also block the exploit.

The circulating code contains several comments explaining how the exploit works and how to implement it.

One comment, likely written by the DarkSword developer, states that the exploit reads and forensically extracts important files from iOS devices via HTTP. This means it can steal data from iPhones or iPads and send it to a server controlled by the attacker.

Another comment mentions that the payload must be inserted into a process with access to the file system.

This spyware specifically targets iPhones and iPads running iOS 18, according to iVerify, Google, and Lookout.

Based on Apple’s data, about a quarter of iPhone and iPad users are still using iOS 18 or earlier versions. With a total of more than 2.5 billion active devices, this equates to hundreds of millions of potentially vulnerable users to DarkSword attacks.

Therefore, Frielingsdorf recommends that all users immediately update their iPhone operating systems.