Government-grade iOS exploit kit now freely available to hackers — up to 296 million devices may be exposed

A sophisticated iPhone spyware tool called DarkSword — originally developed by state-level hackers and linked to a Russian threat actor — has leaked publicly on GitHub, putting hundreds of millions of unpatched iPhones at risk. The exploit chains six vulnerabilities and can fully compromise a device after a single Safari visit, stealing text messages, location data, Wi-Fi passwords, and even crypto wallets. Devices running iOS 18.4 through 18.6.2 are affected.

What makes DarkSword particularly alarming is its accessibility. Before the leak, tools of this sophistication were limited to nation-state actors and well-funded intelligence agencies. Now, any hacker with basic technical knowledge can download and deploy it. Security researchers at iVerify, who first disclosed the tool, describe it as "the most capable iOS exploit kit ever made publicly available." The spyware also includes three post-exploitation payloads — codenamed GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER — that allow attackers to maintain persistent access and silently exfiltrate data over time.

The leak comes just weeks after a separate iOS spyware called Coruna was disclosed, suggesting a broader trend of advanced mobile surveillance tools entering the open market. Cybersecurity experts warn that millions of devices currently running older iOS versions will remain permanently vulnerable unless updated. Apple has patched all six vulnerabilities in iOS 26, but adoption of the update has been slower than usual. Security experts urge users to update to iOS 26 immediately or enable Lockdown Mode — and to avoid clicking unfamiliar links, particularly from foreign-language websites.