
DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover


EXCLUSIVE: DARKSWORD iOS KIT UNLEASHES SIX-FLAW ASSAULT, STEALS CRYPTO IN SECONDS

A sinister new weapon is executing lightning-fast digital heists on iPhones worldwide. Dubbed DarkSword, this full-chain exploit kit leverages SIX critical vulnerabilities—including THREE zero-days—to seize total control of devices, pilfering credentials and draining crypto wallets in a matter of seconds before vanishing without a trace. This isn't just another data breach; it's a surgical, financially motivated strike.

Since at least November 2025, multiple threat actors, including suspected state-sponsored Russian espionage group UNC6353, have wielded DarkSword in targeted campaigns across Saudi Arabia, Turkey, Malaysia, and Ukraine. The kit specifically hunts iPhones running iOS 18.4 through 18.7, exploiting unpatched vulnerabilities to install malware that performs a rapid "hit-and-run" data extraction. Its discovery, coming just a month after the Coruna kit, signals a dangerous new era of proliferating, commercial-grade mobile exploits.

"DarkSword is a predator focused on crypto assets," revealed one cybersecurity analyst who reviewed the technical findings. "It automates the theft of private keys and wallet credentials with terrifying efficiency. The cleanup is so thorough, many victims may never know they were attacked until their blockchain security is already compromised." This highlights a grim reality: a thriving second-hand market now allows less-resourced groups to buy top-tier exploits, blurring the lines between espionage and crime.

Every iPhone user is now a potential target. This toolkit requires almost no interaction: no clicking a phishing link, no downloading a suspicious file. Simply visiting a compromised website that loads a malicious iframe can trigger the exploit chain. Three of the six vulnerabilities, cataloged as CVE-2026-20700, CVE-2025-43529, and CVE-2025-14174, were previously unknown zero-days, proving that even Apple's walled garden has critical weak points.

We predict a surge in copycat campaigns as the underlying exploit code circulates in shadowy forums. The barrier to entry for devastating ransomware and data breach operations is crumbling.

Your phone is no longer just a phone; it's a bank vault under siege.
