Key Highlights
- iOS users worldwide are now playing a high-stakes game of whack-a-mole with DarkSword.
- GHOSTBLADE et al. are like ghostly roommates who steal your data and eavesdrop on your secrets.
- Just visiting a dodgy website? Consider your device technically yours no longer.
DarkSword, the latest iOS exploit, is doing for crypto what termites do for your house: quietly, ruthlessly, and with zero remorse. It’s exploiting iOS 18.4-18.7 like it’s a buffet of security holes, and the only thing users need to do is… breathe near a compromised website. How’s that for hospitality?
Charles Guillemet of Ledger, with the gravitas of a man who’s seen too many horror movies, warns that DarkSword is “deployed at scale via watering-hole attacks.” Translation: If you’ve ever thought, “Hmm, what’s on this random site?” you’ve probably just handed over your digital diary. Affected regions? Ukraine, Saudi Arabia, Turkey, Malaysia-basically, anywhere Apple’s security team isn’t currently hiding.
And just to make it a party, this comes hot on the heels of Google’s Coruna exploit, which turned iOS 13-17.2.1 into a nation-state playground. Remember when exploits were supposed to be rare and mysterious? Those were the days.
🚨 DarkSword is here, and it’s not here to chat. One website visit = full surveillance, data theft, and a one-way ticket to Total Device Controlville.
Coruna proved it: State-grade exploits don’t stay in government hands-they leak, spread, and turn your phone into a spy. One visit to a…
– Charles Guillemet (@P3b7_) March 18, 2026
Google’s GTIG team confirmed DarkSword’s been chilling since November 2025, hanging out with commercial surveillance firms and state-sponsored actors like it’s a networking event. The malware chain? A trio of GHOSTs (BLADE, KNIFE, SABER) that treat your messages, browser history, and even your microphone like they’re on a data-collecting holiday. And yes, they bypass Apple’s security layers with the enthusiasm of a toddler in a candy store.
How DarkSword Works
DarkSword is like a six-part heist movie. It starts by tricking Safari’s JavaScript engine into running malicious code-older iPhones get one exploit, newer ones another, and somehow Apple’s security checks are still napping. From there, it breaks out of Safari’s sandbox like it’s escaping a toddler’s playpen and slinks into your system processes. Finally, it escalates privileges to take full control… all via JavaScript. No downloads, no clicks, just pure digital negligence on your part.
Targeted Campaigns and Ghostly Guests
DarkSword’s got more friends than a social media influencer. UNC6748 in Saudi Arabia lured users to fake Snapchat sites with GHOSTKNIFE, while PARS Defense in Turkey/Malaysia used GHOSTSABER and encrypted tools to track devices like they’re in a spy thriller. And let’s not forget UNC6353, the Russian-linked group that hit Ukrainian sites with GHOSTBLADE-a data-hoovering ghost that deletes its own crash logs to cover its tracks. Polite, really.
Experts are now squirming in their chairs, because DarkSword means anyone who visits a legitimate website could be compromised. So, next time you open Safari, remember: your phone might be watching you back-and it’s not even blinking.
Read More
- Brent Oil Forecast
- Gold Rate Forecast
- Bitcoin at Halfway Through Halving: Gains Lag Behind Previous Cycles
- Silver Rate Forecast
- ADA PREDICTION. ADA cryptocurrency
- USD CLP PREDICTION
- USD MYR PREDICTION
- USD TRY PREDICTION
- DOGE PREDICTION. DOGE cryptocurrency
- WLD PREDICTION. WLD cryptocurrency
2026-03-19 10:47