Leaked DarkSword iPhone Hack Is ‘Extremely Worrisome.’ How to Protect Your Phone Now

Calling all iPhone owners: Cybersecurity researchers from the Google Threat Intelligence Group and two cybersecurity companies, Lookout and iVerify, have identified a new hacking toolkit that puts iPhone owners’ data at risk. The toolkit, called DarkSword, is unlike other spyware and malware. Here’s what you need to know — and some simple fixes you can make now to stay safe.

DarkSword doesn’t use phishing scripts or emails, and it doesn’t require you to download suspicious apps to let hackers into your device. It works on “watering hole attacks,” Christoph Hebeisen, director of intelligence research at Lookout, told CNET in an email. Hackers create infected websites, including those made to look like Snapchat and government contractor sites.

“Because of this, such attacks are not only stealthy but also powerful in terms of what data they can access on the device,” Hebeisen said.

After you browse those sites, spyware can be activated and your information is at risk. DarkSword is not designed for continuous surveillance but it can access a variety of data, including your messages, iCloud content and even crypto wallets.

So far, the attacks have been limited to people outside the US, mainly in Saudi Arabia, Turkey, Malaysia and Ukraine, according to Google. But the spyware was made publicly available on GitHub, first spotted by TechCrunch. That means it will be very easy for any number of bad actors to use it.

“The availability of this kit to the public is of great concern given the high number of active devices at risk,” Hebeisen said. DarkSword was created to suit different uses, for developers and vibe coders alike. “Opportunistic attacks using this asset seem very likely.”

The researchers found that the vulnerable phones were running software versions from last year, including iOS 18.4 to 18.7. That’s not all phones, but as Apple’s data confirms, about one-fifth of iPhone owners are still using iOS 18, leaving potentially millions of people at risk.

Google said it was being used by “multiple surveillance vendors and suspected government-sponsored actors” and reached out to Apple in late 2025 with its findings. In a support page published on March 19, Apple said: “We carefully investigated these issues as they were discovered and released software updates as soon as possible in the latest versions of the operating system to address the vulnerability and thwart those attacks.”

The DarkSword spyware reports are alarming, but basic iOS software cleanliness can go a long way to keeping your data safe. Here’s what iPhone owners can do now to stay safe.

Keep your iPhone software updated

While Apple has implemented fixes behind the scenes, you still need to take action to ensure your iPhone is safe. There is a simple but necessary step to keep your phone protected from external threats: Update your iOS software.

“I always recommend people update their iPhone to the latest iOS software as soon as possible,” said CNET expert Zachary McAuliffe. “Updates often include new features, but more importantly, they often fix security issues. Delaying an update means that malicious actors may exploit vulnerabilities in your iPhone, putting your personal data and system security at risk.”

Apple said people who have kept their phone software up to date are already protected. Google said iOS 26.3the latest software update, includes fixes to prevent DarkSword attacks, as previous updates did. Again iOS 26.3.1 (a)a minor security-focused update to the core software, released on Wednesday.

To update your iPhone software, go to Settings > General > Software Update. If an update is available, it will prompt you to download and install it. Some older iPhone models may not be able to run iOS 26. Check our guide to see if your iPhone can’t.

If you are not eligible for iOS 26, Apple urges iPhone users to update their software to at least iOS 15, which has protection for older iPhones. The company also says you can consider enabling Lock Mode to protect against malicious web content and other threats.