- DarkSword is a hacking toolkit that steals cryptocurrencies, messages, and location data when a user merely visits a compromised website, with no further interaction required.
- Apple released iOS 18.7.7 and iPadOS 18.7.7 to protect devices running iOS 18.4 through 18.7; attacks have been observed in China, Malaysia, Turkey, Saudi Arabia, and Ukraine.
- Apple's Lockdown Mode provides effective protection, but its use significantly limits device functionality, which may not be practical for everyone.
Apple has issued a critical security update for older iPhones and iPads running legacy operating system versions, aimed specifically at blocking the DarkSword malware. This hacking toolkit, which was publicly leaked online, poses a direct threat to cryptocurrency users, as it can siphon digital assets, browsing histories, messages, and location data without requiring any interaction beyond visiting a malicious website.
This patch is critical for safeguarding digital assets and personal data on mobile devices, especially for cryptocurrency users who manage wallets and exchanges from their phones.
The crypto risk in focus
DarkSword operates via drive-by web attacks, where malicious code executes automatically upon loading a compromised page. This eliminates the need for users to download files or click links, making infections stealthy and hard to detect. For the crypto community, the danger is particularly acute: many individuals manage digital wallets, access exchanges like Binance, or store private keys on their mobile devices. A successful attack could lead to irreversible fund losses, especially if attackers gain access to two-factor authentication credentials or recovery data.
Geographic scope and affected devices
DarkSword attacks have already been observed in China, Malaysia, Turkey, Saudi Arabia, and Ukraine, indicating a coordinated international campaign. Apple notes that devices running iOS 18.4 through 18.7 are most vulnerable, which covers a wide range of iPhone and iPad models released in recent years. Notably, the iOS 18.7.7 update is aimed at users who could have upgraded to iOS 26 but chose not to, which points to security complacency among owners of relatively modern hardware.
DarkSword can steal cryptocurrencies when a user merely visits a website, putting millions of users worldwide at risk.
Lockdown Mode as an additional defense
Apple has also reiterated that its Lockdown Mode, an extreme security feature introduced in recent versions, provides effective protection against DarkSword. The company states it is unaware of any successful attacks against devices with this feature enabled. This underscores the importance of enabling advanced security settings, especially for users handling valuable digital assets. However, Lockdown Mode significantly limits device functionality, which may not be practical for everyone.
Implications for the mobile security ecosystem
The public leak of DarkSword on platforms like GitHub lowers the barrier to entry for malicious actors, allowing less sophisticated groups to launch attacks. This could lead to an increase in cryptocurrency theft incidents via mobile devices, pressuring exchanges and financial services to bolster their authentication measures. Furthermore, this episode serves as a critical reminder for users to keep their systems updated and avoid browsing untrusted websites on devices storing digital assets.
What affected users should do
iPhone and iPad owners running iOS 18.4 through 18.7 should immediately install the iOS 18.7.7 or iPadOS 18.7.7 update via Settings > General > Software Update. For added protection, consider enabling Lockdown Mode if the device supports it and you prioritize security over convenience. Cryptocurrency users should review their security setups, use hardware wallets for long-term storage, and avoid accessing financial services from browsers on potentially vulnerable devices.