According to the joint research published by Google's Threat Analysis Group, iVerify, and Lookout, DarkSword exploits vulnerabilities in iOS 18 through a technique known as a watering hole attack. Here is how it works: Hackers compromise legitimate Ukrainian websites that their targets are likely to visit When a target visits the compromised site on an iPhone, DarkSword silently exploits iOS 18 vulnerabilities The exploit gives attackers access to the device without the user clicking anything or installing anything This type of attack is particularly dangerous because the victim does not need to take any action — simply visiting a compromised website is enough.

Russian Hackers Are Targeting Your iPhone Right Now — The DarkSword Exploit Explained

Q: Who Is Behind It

The researchers identified Russia-sponsored hacking groups as the primary users of DarkSword, though they noted that other threat actors may also have access to the tool. The targeting of Ukrainian websites is consistent with Russia's ongoing cyber operations against Ukraine. The fact that three independent security research organizations — Google, iVerify, and Lookout — all converged on the same discovery suggests that DarkSword has been in use long enough to leave detectable traces.

Q: What iPhone Users Should Do

Update to the latest iOS version immediately — Apple typically patches vulnerabilities once they are publicly disclosed Enable Lockdown Mode if you are a high-risk target (journalists, activists, government officials) Be cautious about visiting unfamiliar websites, especially those related to the Ukraine conflict Use a mobile security solution like iVerify or Lookout for additional protection

By Jaspal March 19, 2026 Updated: March 19, 2026

A Powerful New iPhone Exploit Has Been Found

Researchers from Google, iVerify, and Lookout have discovered a powerful new iPhone-hacking technique called DarkSword that has been actively used by Russia-sponsored hackers to target iOS 18 devices through compromised Ukrainian websites.

This is not a theoretical vulnerability. DarkSword has been found in active use, making it one of the most significant iPhone security threats discovered this year.

How DarkSword Works

According to the joint research published by Google's Threat Analysis Group, iVerify, and Lookout, DarkSword exploits vulnerabilities in iOS 18 through a technique known as a watering hole attack. Here is how it works:

Hackers compromise legitimate Ukrainian websites that their targets are likely to visit
When a target visits the compromised site on an iPhone, DarkSword silently exploits iOS 18 vulnerabilities
The exploit gives attackers access to the device without the user clicking anything or installing anything

This type of attack is particularly dangerous because the victim does not need to take any action — simply visiting a compromised website is enough.

Who Is Behind It

The researchers identified Russia-sponsored hacking groups as the primary users of DarkSword, though they noted that other threat actors may also have access to the tool. The targeting of Ukrainian websites is consistent with Russia's ongoing cyber operations against Ukraine.

The fact that three independent security research organizations — Google, iVerify, and Lookout — all converged on the same discovery suggests that DarkSword has been in use long enough to leave detectable traces.

What iPhone Users Should Do

Update to the latest iOS version immediately — Apple typically patches vulnerabilities once they are publicly disclosed
Enable Lockdown Mode if you are a high-risk target (journalists, activists, government officials)
Be cautious about visiting unfamiliar websites, especially those related to the Ukraine conflict
Use a mobile security solution like iVerify or Lookout for additional protection

The Bigger Picture

DarkSword is the latest in a growing list of sophisticated iPhone exploits that challenge Apple's reputation as the most secure mobile platform. While iOS remains more secure than Android for most users, state-sponsored attackers with sufficient resources can and do find ways in.

The discovery also highlights the increasingly important role that third-party security researchers play in protecting users. Without the combined efforts of Google, iVerify, and Lookout, DarkSword might have continued operating undetected.

The Bottom Line

If you own an iPhone, update it now. DarkSword is real, it is active, and it targets the latest version of iOS. The fact that it was discovered through Ukrainian websites does not mean the threat is limited to that region — once a hacking tool exists, it tends to spread.

Apple will almost certainly release a patch soon. Until then, the best defense is keeping your software updated and being cautious about the websites you visit.