
Spyware deployed by Russian hackers could compromise millions of iOS devices

Discovery is the second uncovered this month targeting Apple devices

The DarkSword spyware doesn't affect the latest updated versions of iOS. Picture: Getty

By LBC Staff

The market for malware capable of stealing data and cryptocurrency is flourishing, with researchers at Google and cybersecurity firms iVerify and Lookout revealing the discovery of a new hacking tool.


The technique, known as DarkSword, is being used by Russian hackers to take over devices running iOS 18 when they simply visit an infected website.

The technique doesn't affect the latest updated versions of iOS, but close to a quarter of iPhones still use the previous operating system.

iVerify's cofounder and CEO, Rocky Cole, said: “A vast number of iOS users could have all of their personal data stolen simply for visiting a popular website.

“Hundreds of millions of people who are still using older Apple devices or older operating system versions remain vulnerable.”

The latest hacking discovery comes just two weeks after a more sophisticated hacking toolkit was discovered being used by what Google described as a Russian state-sponsored espionage group, alongside other hacker groups.

Latest hacking discovery comes two weeks after similar discovery of a more sophisticated hacking software. Picture: Getty

An Apple spokesperson said that “every day Apple's security teams around the world work tirelessly to protect users' devices and data.”

All malicious domains identified by Google have since been blocked by Apple Safe Browsing in the Safari web browser.

DarkSword is designed to steal data from vulnerable iPhones, including passwords and photos, logs from iMessage, WhatsApp, and Telegram, browser history, Calendar and Notes data, and data from Apple's Health app.

DarkSword also steals users' cryptocurrency wallet credentials.

Identified infected sites have now been blocked by Apple. Picture: Getty

The infection doesn't persist on a phone after it reboots, but instead steals data from the phone within the first few minutes after it's hacked, which Cole calls a “smash-and-grab” approach.

The creator of DarkSword is still unknown, but researchers agree that it probably was not the Russian hackers deploying it.

Instead, they suspect a “broker” firm that buys and sells hacking techniques is responsible for the technology.