Spyware massively hacking iPhones through Ukrainian websites, Reuters reports

What Darksword is and how it infects a phone

Darksword is malware that targets iPhones through infected websites. Simply visiting such a site can allow the program to access your data.

According to iVerify and Lookout, attackers have placed Darksword on dozens of Ukrainian websites. Devices running iOS versions 18.4 to 18.6.2 — released by Apple between March and August 2025 — were at risk.

iVerify and Lookout estimate that between 220 and 270 million iPhones still run these vulnerable iOS versions. The reason is simple: many users simply do not install updates.

Darksword is hosted on the same servers where another spyware, Coruna, was previously detected. Google and iVerify exposed Coruna on March 3.

Who is behind this

Google tracked several commercial providers and suspected state-linked hackers. Attacks were observed in Saudi Arabia, Türkiye, Malaysia, and Ukraine.

Researchers link the campaigns in Malaysia and Türkiye to the Turkish company PARS Defense, which specializes in commercial surveillance. A comment from PARS Defense could not be obtained.

What Apple says

A company representative stated that the attacks targeted "outdated software," and the main vulnerabilities have already been fixed in several updates over the past years.

Apple also noted that all malicious domains detected by Google have been blocked by built-in security measures.

What to do right now:

• Update iOS to the latest available version

• Check your settings: Settings General Software Update

• Enable automatic updates if you haven’t done so already

Earlier, RBC-Ukraine reported that Ukrainians were warned about virus emails sent in the name of the tax authorities. Scammers are attempting to infect users’ devices with malware and steal confidential data.

Criminals are also collecting data under the guise of the State Bureau of Investigation (SBI). Emails are being sent to various organizations from third-party addresses.