Last week, DarkSword was then posted to open source code repository GitHub, making it all the more accessible. Security firms Malfors and Proofpoint soon after warned that another Russian hacker group linked to the Kremlin’s FSB intelligence agency was sending out phishing emails that used the technique. Independent security researcher Johnny Franks tells WIRED that he found yet another new, active domain—a fake website written in English, capable of infecting US-based users—that was part of a DarkSword hacking campaign as late as Thursday of last week, a finding confirmed by mobile security firm iVerify.
Despite DarkSword’s growing threat to iOS 18 users, many stubbornly refused to update to iOS 26. On Reddit channels related to cybersecurity and iOS, some self-identified iPhone owners discussing DarkSword argued that Apple seemed to be taking advantage of the DarkSword hacking campaigns to push them onto its latest OS version, which some have found to be slow or overly animated.
“Apple is trying to force you onto the dumpster fire that is liquid glass,” one Reddit user wrote.
“If this is so serious, why wouldn’t Apple insert a fix into iOS 18.x,” another Redditor named asked.
“It’s all bullshit propaganda!” another user wrote. “Not updating my phone is perfect on iOS 18.1.1.”
For cybersecurity experts who have been waiting for Apple to act, the company’s move to now cater to those stubborn iOS 18 users received “better-late-than-never” reviews. “Apple is now, finally, doing this for the DarkSword exploits, but only after they were already being abused by other attackers, putting iOS users at risk,” says Patrick Wardle, a former NSA hacker and now the CEO of the Apple-device-focused security firm DoubleYou. “If protecting users actually matters, backporting critical fixes should be standard, not the exception.”
DarkSword is, in fact, the second sophisticated, in-the-wild iPhone hacking technique in just the last month that’s inspired Apple to take the rare step of pushing out fixes for older versions of iOS. Earlier in March, the company also backported patches to protect users from a different, even more sophisticated iOS hacking toolkit known as Coruna. A week after researchers at Google and iVerify revealed that the Coruna iOS exploitation kit—which was likely created for the US government—had spread from Russian espionage hackers to profit-focused cybercriminals, Apple released security fixes for iOS 17, the even older version of Apple’s mobile operating system that was vulnerable to Coruna’s set of hacking techniques.
DarkSword’s ability to compromise iOS 18 devices, however, left a different set of users vulnerable. Rocky Cole, cofounder of iVerify, notes that some of those users may have held out on updating to iOS 26 until now not simply because they don’t like its features but because they use specific or custom-made apps that aren’t compatible with newer operating systems. In the UK, Apple has also added age verification features to iOS 26 that some users have resisted. Others may simply not have had enough storage space on their phone to carry out the update.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25137775/STK115_Reddit_03.jpg)
/cdn.vox-cdn.com/uploads/chorus_asset/file/25255988/246965_vision_pro_AKrales_0140.jpg)
/cdn.vox-cdn.com/uploads/chorus_asset/file/25330660/STK414_AI_CHATBOT_H.jpg)
