Recently, a new iPhone vulnerability named "DarkSword" has been exposed, posing a serious threat to hundreds of millions of cryptocurrency users worldwide. According to disclosures by Google's Threat Intelligence team, the vulnerability was discovered in March 2026 and primarily affects devices running iOS versions 18.4 to 18.7, with an estimated 270 million iPhones at risk.
The attack method of "DarkSword" is extremely stealthy and requires no user interaction. Users simply need to visit a maliciously tampered website, and hidden code will automatically activate on the device, potentially leading to complete control of the entire device.
How "DarkSword" Works and Its Data Stealing Capabilities
The vulnerability exploits a series of six security flaws, three of which are classified as "zero-day vulnerabilities" – meaning they were unknown and unpatched by the vendor before disclosure. When users browse to a spoofed or compromised website, the lurking code silently executes.
The entire process occurs in the background, with users receiving no warning prompts and requiring no click operations to trigger the attack. Once the device is successfully compromised, attackers can steal cryptocurrency wallet data and mnemonic phrases stored on the phone. Additionally, various passwords saved on the device, as well as private conversations from communication apps like Telegram, WhatsApp, and iMessage, may also be exposed.
Even more concerning, the malware can extract users' photos, location history, and even record audio through the device's microphone.
Security analysts point out that "DarkSword" differs from typical espionage activities in that its attack targets are specifically crypto wallet applications and mnemonic phrases, indicating it is a financial attack specifically aimed at the assets of crypto users, with the goal of completely emptying their digital assets.
Google Warns: iPhone 'DarkSword' Vulnerability is Stealing Crypto Wallets and Personal Data
Google's latest report reveals a dangerous iPhone vulnerability named "DarkSword" capable of stealing users' crypto wallets, passwords, and a large amount of sensitive personal information.
This threat is particularly severe for users who store critical information such as mnemonic phrases on their phones. Security experts have long advised users against storing such sensitive data on mobile devices, and the emergence of "DarkSword" undoubtedly provides the strongest evidence for this recommendation, prompting crypto asset holders to re-evaluate their information security storage methods. Transferring mnemonic phrases to offline storage is a practical step to mitigate risk.
The Masterminds Behind "DarkSword" and Device Protection Measures
Google's investigation indicates that three independent threat groups are involved behind "DarkSword," including the Russian espionage group UNC6353, the Turkish surveillance technology provider PARS Defense, and an unknown organization codenamed UNC6748. The joint effort by multiple well-resourced organizations to push a vulnerability exploit makes this attack campaign even more unsettling.
The report states that the targets of this vulnerability are spread across regions such as Ukraine, Saudi Arabia, Turkey, and Malaysia. However, given that the attack vector is through websites, iPhone users in any region could potentially become victims. Therefore, all users should treat this as an active threat and take protective measures immediately.
Apple has responded swiftly and released security patches for all six vulnerabilities exploited by "DarkSword." Users can obtain the fix by updating to iOS version 26.3.
Users who delay their updates will remain fully exposed to the risks of the vulnerability. This is the second major iOS security incident reported this month, once again highlighting the importance of timely system updates to counter the growing landscape of cyber threats.