APPLE

Apple warns of spyware that can jnvade iPhones and steal user data; learn how to protect your device

Apple has issued a security alert for iPhone users after the discovery of spyware capable of invading devices and stealing personal data. The company advises that devices be updated immediately to avoid attacks that could compromise sensitive information.

The problem mainly affects phones that still run older versions of the iOS system, released between March and August 2025. According to security researchers, between 220 million and 270 million iPhones may still be vulnerable.

The malicious software, identified by experts as a sophisticated digital espionage tool, can access messages, emails, contacts, location, and even cryptocurrency wallets. In some cases, the attack occurs through infected links or compromised websites, exploiting flaws in the Safari browser and in the system's graphic resources.

In addition to its intrusion capabilities, the spyware stands out for acting quickly and without leaving traces. After collecting the data, it can erase evidence of the intrusion, making it difficult for the user or security systems to detect. Devices running the latest and most up-to-date versions of iOS 15 through iOS 26 are already protected, according to Apple.

Investigations conducted by companies such as Google, Lookout, and iVerify indicate that the tool has already been used in campaigns targeting different groups around the world, including users in Ukraine, Saudi Arabia, Turkey, and Malaysia, as well as cryptocurrency investors.

Given the seriousness of the situation, Apple recommended that users install the latest version of iOS, which fixes the exploited vulnerabilities. It is also advised to avoid clicking on suspicious links and, in cases of higher risk, to activate additional protection features, such as the system's "lock mode."

"We thoroughly investigated these issues as soon as they were identified and released software updates as quickly as possible to the latest versions of the operating system in order to fix the vulnerabilities and stop these attacks," the company said in a statement.

What is DarkSword, and how can it be used to hack iPhones? DarkSword, according to researchers, is an exploit chain—a type of cyberattack in which a hacker uses multiple software vulnerabilities to infiltrate a user’s device and pull information from it. These combined exploits allow hackers to attack a device via multiple entry points, making them harder to defend against. 

The Google Threat Intelligence Group said in a report released on Wednesday that DarkSword “uses six different vulnerabilities to fully compromise a vulnerable iOS device.”

Lookout, which published its findings in coordination with Google, said DarkSword uses such vulnerabilities to gain higher-level permissions and privileges in a phone’s systems in order to “access sensitive information and exfiltrate it off the device.” 

Lookout found that hacks using DarkSword start with web browser Safari before moving into other phone systems. The exploit tool employs a “hit-and-run” tactic, the cybersecurity company explained, extracting information within seconds or, “at most,” minutes before cleaning up the data it collected and exiting.

McCoy tells TIME the attacks made through web browsers are called “drive-by downloads,” during which a user need only click on a link, rather than make a download to their device, in order for a hacker to gain access to their information. 

Among the websites researchers identified as being used in DarkSword attacks was one with a gov.ua address, according to iVerify, which the company noted indicates that the Ukrainian government’s server had been compromised. In another instance, Google found that hackers targeted Saudi Arabian iPhone users through a website disguised to resemble the social media and messaging app Snapchat. 

"DarkSword appears to be a surveillance and intelligence gathering tool, blanket pulling data including Wi-Fi passwords, text messages, call history, root location history, browser history, SIM card and cellular data as well as health, notes and calendar databases, though it does also look for crypto wallets,” iVerify said in a news release on Wednesday. 

It has been used since “at least” November 2025 by “multiple commercial surveillance vendors and suspected state-sponsored actors” to exploit millions of targets, according to Google.

mundophone