• 🚨 iPhone users still running iOS 18 should update their devices to avoid potential infection from new spyware

• 🗡️ Known as DarkSword, the attack has been used by Russian and Chinese attackers on devices in Ukraine, China, Saudi Arabia, Turkey and Malaysia so far

• 😬 It works by a user clicking on a nefarious link on a spoofed website, and performs a digital hit-and-run on the data it wants before exiting

• 👍 Apple has advised users on iOS 18.4 to 18.7 to update to iOS 26.3, where these vulnerabilities have been fixed

If you’re still running an iPhone with iOS 18 installed, then you’ll want to update your device as soon as possible to minimize the risk of some new spyware that’s been found.

As per Time, hundreds of millions of iPhones could be susceptible to hackers using a new malware tool known as DarkSword if their software hasn’t been recently updated.

The news comes after an investigation by Google and cybersecurity firms Lookout and iVerify found that hackers, mainly from China and Russia, have been using this DarkSword tool to extract information from iPhone users on certain older versions of iOS.

Researchers from the three firms observed DarkSword attacks that have targeted users in Ukraine, China, Saudi Arabia, Turkey, and Malaysia. They did not report any hacks on American targets so far.

What is DarkSword?

DarkSword is an exploit chain type of attack, which works by a hacker using multiple software vulnerabilities to infiltrate a user’s device and pull information from it. The fact they’re combined exploits allow hackers to attack a device from multiple entry points, making them harder to defend against.

A report from the Google Threat Intelligence Group recently said that DarkSword uses “six different vulnerabilities to fully compromise a vulnerable iOS device.” To be specific, it’s using these vulnerabilities to gain higher-level permissions and privileges in the phone’s OS to access data.

Lookout found that the attack starts with the Safari web browser, before moving to other systems, employing what it describes as a “hit-and-run” tactic that extracts information within seconds or minutes at most, before cleaning up the data collected and exiting.

The attack is made through a web browser with what’s known as a “drive-by download”, during which a user needs to click on a nefarious link in order for a hacker to be able to gain information.

These websites can spoof other official sites, such as one in Ukraine using a gov.ua address, which iVerify found indicated that the Ukrainian government’s server had been compromised.

Furthermore, an attack in Saudi Arabia targeted users via a website that was designed to resemble the website for social media platform Snapchat.

A news release from iVerify explained further the information that DarkSword could collect, stating that it “appears to be a surveillance and intelligence gathering tool, blanket pulling data including Wi-Fi passwords, text messages, call history, root location history, browser history, SIM card and cellular data as well as health, notes and calendar databases, though it does also look for crypto wallets.”

It has been used since “at least” November 2025 by “multiple commercial surveillance vendors and suspected state-sponsored actors” to exploit millions of targets, according to Google.

Which iPhones could be at risk?

According to researchers, iPhones running iOS versions 18.4 to 18.7 could be at risk from DarkSword, working out to a potential 270 million devices that the attack could access.

How do I protect my device from potential attack?

According to a new support page from Apple, the important thing is to update your device to the latest version of iOS – that’s iOS 26 at the moment.

Google says that “all vulnerabilities were patched with the release of iOS 26.3 (although most were patched prior)”, so update to that version of iOS, and you should be okay.

Apple has also released updates for iOS and iOS 16 in March 2026 to extend protections for those with even older iPhones. Likewise, if you’re still on iOS 13 or 14, then update to iOS 15.

If iPhone users can’t update their devices further, Apple has also advised enabling “Lockdown Mode”, which is described as “an optional, extreme protection that’s designed for the very few individuals who, because of who they are or what they do, might be personally targeted by some of the most sophisticated digital threats.”

Up next: There’s ‘still so much that we can do with the iPhone’, says Apple CEO

Reece Bithrey is a journalist with bylines for Trusted Reviews, Digital Foundry, PC Gamer, TechRadar and more. He also has his own blog, UNTITLED, and graduated from the University of Leeds with a degree in International History and Politics in 2023.