DarkSword Targets iPhones Running iOS 18: Why Ukraine Should Be Concerned
Researchers from Google, Lookout and iVerify warn that the DarkSword tool is stealing data via browser vulnerabilities — the risk affects roughly a quarter of users who haven’t updated iOS. We explain what’s happening and what to do right now.
By Tetiana Suchkova-Ladik
March 19, 2026 · 2 min read
What happened
A team of security specialists — Google, Lookout and iVerify — described a tool called DarkSword in a Wired piece. According to their analysis, it is a set of exploits that allows attackers to compromise a iPhone via the browser, without the need to install additional apps. The researchers report the use of DarkSword in several countries, including Ukraine.
How the attack works
The attack works like this: a user opens a compromised webpage, an embedded iframe launches a chain of exploits that elevates privileges and gives the attackers access to the system. After exfiltrating data, the tool can erase traces of its presence — which is why it is difficult to detect.
"DarkSword can obtain messages, passwords, iCloud data and access to cryptocurrency wallets."
— Wired, based on analysis by Google, Lookout and iVerify
Who is at risk
It is targeted at devices running iOS 18; researchers estimate the threat affects roughly a quarter of users who still have not updated. Journalists, volunteers, IT professionals and those who work with sensitive data — both personal and governmental — should pay particular attention.
What to do
Practical steps that meaningfully reduce risk:
- Update your iPhone to the latest iOS version — Apple has already patched the vulnerabilities in newer builds.
- Avoid clicking suspicious links, even if they come from people you know — the iframe requires no additional action from the user.
- Enable two-factor authentication (2FA) for your Apple ID and for critical services.
- For storing cryptocurrency, use hardware wallets or vetted solutions with multi-layered protection.
- If you suspect a compromise — contact your IT department or an independent cybersecurity specialist; consider reinstalling the system and changing passwords.
Context and consequences
Attack techniques that leave no obvious traces raise the bar for operational security management — both individual and corporate. Experts agree: in current conditions, information security is part of national security. For Ukraine, this means that updates and basic digital hygiene are not optional, but a necessity.
Conclusion
Apple has already released patches, but some devices remain vulnerable. A simple step — updating iOS and reviewing basic security settings — can significantly reduce the risk of data loss. The issue is technical in nature, but the consequences are social and national: are we prepared to defend the digital front as seriously as other areas of security?
