DarkSword iOS Exploit Kit: Safari-Based Spyware Threat Puts Millions of iPhones at Risk

CyberSecureFox 🦊

Security researchers from Lookout, iVerify and Google’s Threat Intelligence Group (GTIG) have uncovered a new advanced iOS exploit kit dubbed DarkSword. This browser-based attack chain targets iPhones running vulnerable builds of iOS 18.4–18.7 and can grant attackers full device compromise after a single visit to a malicious or compromised website in Safari.

DarkSword exploit kit: targeted iOS versions and scale of exposure

According to the technical analysis, DarkSword leverages a cluster of six critical iOS vulnerabilities: CVE-2025-31277, CVE-2025-43529, CVE-2026-20700, CVE-2025-14174, CVE-2025-43510 and CVE-2025-43520. These flaws have been patched in current iOS releases, but a substantial portion of the iPhone ecosystem remains on unpatched, exploitable versions.

iVerify estimates that about 14.2% of active iPhones — roughly 221.5 million devices — are still running iOS builds that contain at least part of this vulnerability set. If the entire iOS 18 line is assumed vulnerable, the potential exposure could reach up to 296 million devices worldwide. This places DarkSword in the same risk category as high-end commercial surveillanceware platforms historically used in state-backed and targeted espionage operations.

Connection to the Coruna exploit platform and commercial spyware ecosystem

Infrastructure analysis links DarkSword to a previously documented exploit delivery framework known as Coruna. Overlaps in command-and-control servers, delivery mechanisms and operational patterns strongly suggest a shared toolkit or a common commercial vendor supplying spyware capabilities to multiple customers.

This kind of modular exploit infrastructure is typical for mature surveillanceware vendors. It allows rapid reuse of vulnerabilities, fast integration of new iOS exploits, and flexible deployment across different campaigns and operators, indicating that DarkSword is part of a long-term, professionally maintained exploit ecosystem rather than a one-off attack.

How the DarkSword iOS attack chain works

Initial compromise via Safari and JavaScript JIT vulnerabilities

DarkSword attacks begin when a target opens a weaponized or compromised page in Safari. The first stage exploits bugs in the JavaScript Just-In-Time (JIT) compiler. JIT is a performance feature that translates JavaScript into native code at runtime; vulnerabilities here can allow arbitrary read/write access in the browser’s memory space, giving the attacker a foothold inside the Safari process.

Bypassing iOS hardening and escaping the sandbox

Once code execution is achieved in Safari, DarkSword systematically bypasses key iOS protections, including TPRO (code integrity mechanisms) and PAC (Pointer Authentication Codes), which are designed to prevent common memory corruption attacks. It then leverages a separate flaw in ANGLE — a graphics abstraction component used by Safari — to perform a sandbox escape, moving from the restricted browser environment into more privileged system contexts.

Kernel-level privilege escalation on XNU

The final stage of the exploit chain escalates privileges to the XNU kernel, the core of iOS. With kernel-level access, attackers can effectively control the operating system, bypassing most security boundaries, accessing sensitive data across apps and services, and installing further tooling without user interaction.

JavaScript-based post-exploitation framework

A notable feature of DarkSword is that the entire exploit kit and post-exploitation framework are implemented in JavaScript. After compromise, an orchestration component injects a custom JavaScript runtime into high-value iOS services such as App Access, Wi‑Fi, Springboard, Keychain and iCloud. This turns what begins as a browser exploit into a persistent data theft platform, capable of executing complex logic and exfiltration workflows exclusively through JavaScript.

Stolen data, malware families and monetization potential

DarkSword is designed to harvest a broad spectrum of sensitive data, including:

— account credentials and passwords;
— photos and media files;
— WhatsApp and Telegram message databases;
— SMS, contacts, call logs and browser history;
— cookies and Apple Health data;
— notes, calendars and saved Wi‑Fi passwords;
— cryptocurrency wallets (e.g., Coinbase, Binance, Ledger).

After exfiltration, DarkSword actively removes temporary artifacts and exits, prioritizing fast, stealthy data theft over long-term, noisy persistence. At least three identified malware families are currently delivered through the DarkSword framework:

— GHOSTBLADE – a JavaScript-based infostealer with a strong focus on crypto asset theft;
— GHOSTKNIFE – a feature-rich backdoor for extensive data collection;
— GHOSTSABER – a JavaScript backdoor supporting both data exfiltration and remote code execution.

Observed DarkSword campaigns and threat actors

GTIG reports DarkSword in active use since at least November 2025. The first documented operator, UNC6748, targeted users in Saudi Arabia via a fake Snapchat website designed to lure mobile visitors into the exploit chain.

The exploit kit has also been linked to Turkish commercial spyware vendor PARS Defense, which reportedly deployed DarkSword against targets in Turkey and Malaysia. From December 2025, threat group UNC6353 used DarkSword in watering hole attacks on Ukrainian users by injecting malicious iframes into legitimate websites, including the “News of Donbas” portal and the website of the Seventh Administrative Court of Appeal in Vinnytsia.
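The watering hole variant described above relies on an iframe being injected into a legitimate page. A site operator can catch that class of tampering by auditing the iframes a page actually serves against the origins it is expected to embed. The following is an added example, not code from the article or from Lookout, iVerify or GTIG: the sample HTML, the page URL `https://news.example/article`, the allow list and the placeholder host `cdn-update.example` are all constructed and are not indicators from the campaign.

```python
"""Audit a page's HTML for iframes that load from origins the site operator
does not expect, the injection pattern described for the watering hole
campaign. Added example; every host and the HTML below are constructed."""
from html.parser import HTMLParser
from typing import Dict, List, Optional
from urllib.parse import urljoin, urlsplit


class IframeCollector(HTMLParser):
    """Collect the attribute set of every <iframe> start tag in a document."""

    def __init__(self) -> None:
        super().__init__()
        self.iframes: List[Dict[str, Optional[str]]] = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            # attrs is a list of (name, value); a bare attribute has value None
            self.iframes.append(dict(attrs))


def _is_hidden(attrs: Dict[str, Optional[str]]) -> bool:
    """Heuristic: injected frames are commonly zero-sized or display:none."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    return "hidden" in attrs or attrs.get("width") == "0" or attrs.get("height") == "0"


def audit_iframes(html: str, page_url: str, allowed_hosts: List[str]) -> List[dict]:
    """Classify each iframe by the origin it loads from.

    Verdicts: same-origin, allowed-third-party, unexpected-external, or no-src
    (srcdoc / script-populated frames, which need manual review)."""
    collector = IframeCollector()
    collector.feed(html)
    page_host = urlsplit(page_url).hostname
    findings = []
    for attrs in collector.iframes:
        src = attrs.get("src")
        host = None
        if not src:
            verdict = "no-src"
        else:
            # urljoin resolves relative paths and scheme-relative "//host/..." forms
            host = urlsplit(urljoin(page_url, src)).hostname
            if host == page_host:
                verdict = "same-origin"
            elif host in allowed_hosts:
                verdict = "allowed-third-party"
            else:
                verdict = "unexpected-external"
        findings.append({"src": src, "host": host, "verdict": verdict,
                         "hidden": _is_hidden(attrs)})
    return findings


def unexpected(findings: List[dict]) -> List[dict]:
    """Return only the frames a site operator did not knowingly embed."""
    return [f for f in findings if f["verdict"] == "unexpected-external"]


# Constructed sample: a local embed, an allow-listed video player, and a
# hidden scheme-relative frame pointing at a placeholder host.
SAMPLE_HTML = """
<html><body>
<h1>Local news</h1>
<iframe src="/embed/weather"></iframe>
<iframe src="https://player.video.example/v/abc123" width="560" height="315"></iframe>
<iframe src="//cdn-update.example/w.html" width="0" height="0" style="display: none"></iframe>
</body></html>
"""
PAGE_URL = "https://news.example/article"          # constructed
ALLOWED_HOSTS = ["player.video.example"]            # constructed allow list

if __name__ == "__main__":
    for f in unexpected(audit_iframes(SAMPLE_HTML, PAGE_URL, ALLOWED_HOSTS)):
        print(f"UNEXPECTED iframe host={f['host']} hidden={f['hidden']} src={f['src']}")
```

Run against a crawl of your own pages rather than a single fetch: injected frames are frequently served only to mobile user agents or specific regions, so the audit should be repeated with the user-agent strings and vantage points your readers actually use.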

In these Ukrainian operations, UNC6353 primarily leveraged GHOSTBLADE, focusing on stealing cryptocurrency-related data rather than installing a full-featured backdoor. This points to a mixed motivation model, combining espionage with direct financial gain.

Evidence of AI-assisted development and maturity of the platform

Code analysis of DarkSword and the associated Coruna framework revealed unusually detailed, well-structured comments explaining component behavior and design decisions. Such patterns are often associated with code generated or assisted by Large Language Model (LLM) tools. While not definitive proof, this suggests that modern AI tooling is likely being used to accelerate exploit and malware development, further lowering the barrier for sophisticated mobile spyware.

Lookout characterizes DarkSword as a professionally engineered, extensible platform, architected for long-term maintenance and rapid feature expansion via new modules. For the commercial surveillanceware market, this represents the emergence of another powerful, flexible toolset specifically targeting the iOS ecosystem.

To mitigate the risk from DarkSword and similar iOS exploit kits, iPhone users are strongly advised to update immediately to iOS 26.3.1 or 18.7.6, where all known DarkSword-related vulnerabilities are patched. In addition, users should avoid following links from untrusted sources, regularly review installed configuration profiles, and limit the use of third-party browsers and VPN applications with unclear reputations. Combined with continuous patching and cautious handling of targeted phishing or watering hole campaigns, these measures significantly reduce the likelihood of compromise even in the face of highly advanced mobile spyware platforms.
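For anyone responsible for a fleet of iPhones, the practical question is which devices are still below the builds named above. The following is an added example, not code from the article or the researchers it cites: it takes the minimum patched builds (18.7.6 and 26.3.1) and the targeted range 18.4–18.7 from the text, while the device inventory is constructed and the treatment of any other major version as "unknown" is an assumption, since the article does not state their status.

```python
"""Triage an iPhone inventory against the iOS builds in which the
DarkSword-related CVEs are reported patched. Added example; the patched
builds and targeted range come from the article, the inventory is
constructed, and 'unknown' for other major versions is an assumption."""
from typing import Dict, Iterable, List, Tuple

Version = Tuple[int, int, int]

# Minimum build per major line in which the article says the flaws are fixed.
PATCHED_BUILDS: Dict[int, Version] = {18: (18, 7, 6), 26: (26, 3, 1)}

# Minor-version range of iOS 18 the article names as targeted (inclusive).
TARGETED_MINORS = range(4, 8)  # 18.4 .. 18.7


def parse_version(text: str) -> Version:
    """Parse 'major[.minor[.patch]]' into a comparable tuple; missing parts are 0."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised iOS version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def classify(version: str) -> str:
    """Return one of: patched, vulnerable, below-patch-level, unknown.

    vulnerable        - inside the targeted 18.4-18.7 range and below 18.7.6
    below-patch-level - same major line as a fix but older than it, outside the
                        explicitly named range (e.g. 18.3.x, 26.2)
    unknown           - a major version the article says nothing about (assumption)"""
    v = parse_version(version)
    fixed = PATCHED_BUILDS.get(v[0])
    if fixed is None:
        return "unknown"
    if v >= fixed:
        return "patched"
    if v[0] == 18 and v[1] in TARGETED_MINORS:
        return "vulnerable"
    return "below-patch-level"


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group device ids by patch status so the 'vulnerable' bucket can be actioned first."""
    report: Dict[str, List[str]] = {
        "vulnerable": [], "below-patch-level": [], "unknown": [], "patched": []}
    for device_id, version in inventory:
        report[classify(version)].append(device_id)
    return report


# Constructed inventory: (device id, reported iOS version)
SAMPLE_INVENTORY = [
    ("iphone-001", "18.7.5"),
    ("iphone-002", "18.7.6"),
    ("iphone-003", "18.4"),
    ("iphone-004", "18.3.2"),
    ("iphone-005", "26.2"),
    ("iphone-006", "26.3.1"),
    ("iphone-007", "17.7.2"),
]

if __name__ == "__main__":
    for status, ids in triage(SAMPLE_INVENTORY).items():
        print(f"{status:18} {len(ids):3}  {', '.join(ids)}")
```

The version string is the only input, so the same check can be pointed at an MDM export or an asset-management CSV; the point of the separate `below-patch-level` bucket is to keep devices the article does not explicitly name as targeted visible in the report without overstating what is known about them.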
