Lookout Inc., a leading mobile security firm, discovered DarkSword, a sophisticated iOS exploit chain and information stealer. This development marks a new phase in mobile threats driven by financial gain and accelerated by AI. Lookout Threat Labs reports that DarkSword targets iPhones running iOS 18.4 to 18.6.2 using a “hit and run” method, which allows it to quickly steal information and cover its tracks.
Mobile Threat Intelligence Breakthrough
Google and iVerify assisted the investigation, while Lookout provided independent research and mobile threat analysis. Researchers identified UNC6353 as a well-funded threat actor, possibly of Russian origin, highlighting sophisticated mobile cyberattacks. This investigation highlights the significance of platform intelligence and the need for mobile threat research to uncover complex attack campaigns.
Inside the DarkSword Exploit
DarkSword represents a structural shift in the mobile threat landscape, in which attackers exploit the devices that control identity, access, and assets.
“DarkSword represents a notable shift that we’ve predicted for years,” said Justin Albrecht, global director of mobile threat intelligence at Lookout. “Advanced mobile malware has ceased to be a tool wielded solely by governments for espionage and is now in the hands of groups seeking financial gain. Between the rise in social engineering attacks targeting mobile devices and the availability of tools like DarkSword, it’s time to take mobile security seriously and ensure that security teams have visibility into the increasing volume of threats targeting their mobile endpoints.”
The exploit leverages Safari and WebGPU vulnerabilities to escape the iOS sandbox and execute privileged code. It collects messages, emails, iCloud data, credentials, and device intelligence, while minimizing the time defenders have to detect it.
“The emergence of exploit chains like DarkSword highlights a shift in the mobile threat landscape, with attacks requiring little to no user interaction,” said Mike Jude, Research Director at IDC. “As mobile devices serve as gateways to both personal and enterprise data, mobile risk has become business risk and organizations must recognize that traditional security approaches are insufficient. To reduce exposure, organizations should have proactive mobile security, including monitoring, device management, and rapid patching.”
Source: Businesswire