Researchers at Google, iVerify, and Lookout jointly revealed a sophisticated iPhone hacking technique on Wednesday afternoon.
The tool, known as DarkSword, allows attackers to silently take over iOS devices visiting infected websites without user interaction.
This discovery places hundreds of millions of users at significant risk of personal data theft through standard web browsing.
Unlike previous espionage campaigns that targeted specific individuals with tailored payloads, this method operates indiscriminately against any visitor to compromised pages.
The hacking technique embeds itself within compromised components of legitimate websites to execute the exploit automatically.
Once a device interacts with the malicious code, the takeover occurs instantly and remains silent to the user.
Rocky Cole, cofounder and CEO of iVerify, warned that the implications are severe for the general public and corporate security alike.
He stated that a vast number of iOS users could have all their personal data stolen simply for visiting a popular website.
Hundreds of millions of people using older Apple devices or operating system versions remain vulnerable according to the analysis.
The research team found evidence linking the DarkSword campaign to the same Russian state-sponsored espionage group behind other recent attacks.
This group reportedly utilized the tool during a spate of espionage and cybercriminal campaigns across the web in early spring.
The attribution highlights an escalation in how threat actors deploy phone-takeover capabilities against broader populations.
Intelligence officials monitor these activities closely for national security implications.
Google described the activity as part of a broader trend following the revelation of a toolkit known as Coruna two weeks prior to this announcement.
Although researchers found DarkSword was created by different developers, the usage patterns align closely with previous state-sponsored operations.
Both tools serve as critical components for harvesting data from visitors’ phones through complex web vectors.
Investigations show the malware was embedded in components of otherwise legitimate Ukrainian websites, including major online news outlets.
A government agency site also hosted the infected content that facilitated the attack on visitor devices throughout the region.
This approach complicates detection since the traffic originates from trusted or partially trusted domains that users visit daily.
While the technique does not affect the latest updated versions of iOS, it works against devices running the previous operating system release.
As of last month, iOS 18 still accounted for close to 25% of iPhones according to Apple’s own internal count.
This statistic indicates a significant fraction of the world’s iPhone users currently lack protection against the exploit.
The shift from stealthy, targeted attacks to indiscriminate web-based exploitation marks a notable change in cybercriminal tactics over the last year.
Hackers have previously used these techniques so carefully that they were rarely seen in the wild against untargeted users globally.
Now, the deployment strategy focuses on volume rather than precision to maximize data harvesting potential for criminal enterprises.
Privacy advocates argue that this trend necessitates stronger browser isolation standards.
Security experts recommend users update their operating systems immediately to mitigate the risk posed by this specific vulnerability in the field.
Future developments will likely focus on how quickly Apple can patch the underlying flaw in the affected versions of the operating system.
The industry must watch for similar tools emerging as threat actors adapt to mobile security improvements and defense mechanisms.
Patch management remains the primary defense for end-users against these web-based attacks.