DarkSword is a web-based toolkit capable of exfiltrating encrypted messages, browser histories, geolocation data, and crypto wallet keys when a user visits a compromised site.

Security experts warn that roughly 20% of iOS devices remain exposed, underscoring the urgency of patching, enabling Lockdown Mode for high-risk users, and treating DarkSword as a actively exploited mobile zero-day.

For high-risk individuals such as journalists and activists, enabling Lockdown Mode is recommended to reduce exposure, even as it comes with usability trade-offs.

The attack chain begins when a user visits a malicious or breached domain hosting the payload, enabling the toolkit to extract data and upload it to remote command-and-control servers.

Apple expanded the backported iOS 18.7.7 and iPadOS 18.7.7 updates to more devices to guard against the DarkSword web-based exploit chain, with the update delivered via Automatic Updates.

DarkSword has been linked to espionage and cryptocurrency theft, with attacks reported in Malaysia, Saudi Arabia, Turkey, and Ukraine.

Apple’s update is a precautionary measure to prevent exploitation and should not be viewed as optional or feature-driven.

General security guidance includes real-time anti-malware protection, avoiding suspicious links, content blockers, using hardware wallets for crypto, a password manager with MFA, 2FA, and regular review of app permissions.

Users targeted by such attacks should enable Lockdown Mode and follow best practices like strong authentication, password management with MFA, and permission reviews.

Industry observers note that broader device patching remains inconsistent, leaving many devices vulnerable until updates are applied or defensive modes are enabled.

Recent activity includes a March campaign attributed to Star Blizzard targeting government and related sectors, with a newer kit leaked on GitHub that lowers the bar for attackers.

Security researchers have tracked DarkSword campaigns since mid-2025, with prior notes from multiple groups about activity in several countries.