DarkSword Malware
Summary
Google Threat Intelligence Group has identified DarkSword, a new sophisticated malware targeting iOS that utilizes multiple zero-day vulnerabilities to achieve full device compromise. This exploit chain has been observed in use by commercial surveillance vendors and suspected state-sponsored actors since November 2025, targeting individuals in Saudi Arabia, Turkey, Malaysia, and Ukraine.
IFF Assessment
The discovery of a sophisticated iOS exploit chain like DarkSword, used by state-sponsored actors, represents a significant threat to user privacy and security.
Defender Context
This article highlights the ongoing threat of advanced persistent threats (APTs) and commercial surveillance vendors leveraging zero-day exploits to compromise mobile devices. Defenders should remain vigilant about the evolving tactics used in targeted attacks and ensure robust endpoint security measures are in place for iOS devices.