New iPhone malware spotted by Google, it affects "hundreds of millions" devices with this iOS version

Mere days after we told you about Coruna – the iPhone exploit kit that's after your money and financial info – it's time for Darksword.

Darksword is malware that was spotted by Google, iVerify (a mobile security company) and the cyber firm Lookout, Reuters reports. Similarly to Coruna, the exploit kit targets your money and can steal your cryptocurrency wallet information, for example.

The malware has been planted

Darksword could "potentially affect hundreds of millions of devices", researchers say. The malware has been found in campaigns against targets in Saudi Arabia, Turkey, Malaysia and Ukraine. If you're in the US and on the latest iOS version, you're probably safe, but as a daily reminder: please don't click, don't open random links and messages. These could land in your inbox and could even be sent by a friend of yours if he or she is infected in the first place.

The Darksword sophisticated malware could affect iPhone units that run iOS versions 18.4 to 18.6.2 (which were released in 2025), so we're not talking about some ancient iOS version here.

Many people have turned automatic updates on and have long updated to iOS 26 (if their device allows them to), but according to some statistics, up to 270 million iPhones still run "exposed" iOS versions.



Apple responded to the reports about the newly discovered iPhone exploits by explaining that the attacks primarily targeted devices running outdated software. The company said that the vulnerabilities behind the exploits have already been fixed through several software updates released over the past few years for users who keep their devices on the latest versions of the operating system.

According to Apple, keeping software up to date remains the most effective way for users to maintain the strong security protections built into its devices. The company also noted that the malicious domains identified by Google have already been blocked through Apple Safe Browsing in the Safari browser, which helps prevent users from accessing those harmful websites.

The emergence of two powerful iOS exploit tools in the same month indicates that the market for such tools may be expanding beyond its traditional boundaries. Rocky Cole, the co-founder and chief operating officer of iVerify, suggested that these kinds of sophisticated exploits were once mostly limited to state-level intelligence agencies, but the latest discoveries hint at a broader ecosystem now forming around them.

$5/mo off for 5 years on Visible premium plans

$30 /mo

$35

$5 off (14%)

New members get $5/mo off the $35/mo Visible+ plan or $5/mo off the $45/mo Visible+ Pro plan for the first 60 months when they port-in from an eligible carrier. Use code 5OFF5 at checkout to save up to $300.

Buy at Visible