DarkSword, a full-chain iOS exploit kit, has compromised iPhones across four countries since November 2025. Google Threat Intelligence Group, Lookout, and iVerify jointly disclosed the chain on March 18, 2026. Six vulnerabilities, three exploited as zero-days, give attackers kernel-level control on iOS 18.4 through 18.7.
GTIG identified three distinct threat actors deploying DarkSword. UNC6748 targeted Saudi Arabia through a Snapchat-themed phishing site. Turkish spyware vendor PARS Defense targeted Turkey and Malaysia. Suspected Russian espionage group UNC6353 hit Ukraine via watering hole attacks. iVerify estimates roughly 221.5 million devices remain vulnerable.
Six vulnerabilities from Safari to kernel
DarkSword runs entirely in JavaScript. Because no unsigned native binary ever touches disk, the chain sidesteps Apple's Page Protection Layer and Secure Page Table Monitor.
The chain starts with one of two JavaScriptCore bugs depending on the iOS version. CVE-2025-31277 (JIT type confusion, patched in iOS 18.6) handles iOS 18.4 through 18.5. CVE-2025-43529 (garbage collection bug in the DFG JIT layer, patched in iOS 18.7.3 and 26.2) handles iOS 18.6 through 18.7. Both build fakeobj/addrof primitives and arbitrary read/write capabilities. Both chain with CVE-2026-20700, a PAC (Pointer Authentication Code) bypass in dyld, Apple's dynamic linker. That bug was exploited as a zero-day and patched only in iOS 26.3.
CVE-2025-14174 (memory corruption in ANGLE, the graphics abstraction layer) escapes Safari's WebContent sandbox into the GPU process. It, too, was exploited as a zero-day and was patched in iOS 18.7.3 and 26.2. From the GPU process, CVE-2025-43510 (copy-on-write kernel memory bug, patched in iOS 18.7.2 and 26.1) builds arbitrary function call primitives inside mediaplaybackd. The attackers load a copy of the JavaScriptCore runtime into that service and execute the final stage within it.
CVE-2025-43520 delivers the final blow. A race condition in XNU's virtual filesystem (patched in iOS 18.7.2 and 26.1) provides physical and virtual memory read/write from kernel context. CISA added CVE-2026-20700 to the Known Exploited Vulnerabilities catalog.
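As an added triage helper, not code from the disclosure or from any vendor named here, the following Python maps an iOS build to the DarkSword CVEs it is still exposed to, using the patch versions quoted above. The branch rule (a release branch newer than every recorded fix inherits it, an older branch does not) and the restriction to the 18.x and 26.x branches are assumptions.

```python
"""Triage helper: which DarkSword CVEs is an iOS build still exposed to?
Fix versions are the ones quoted in the disclosure; the branch rule (a branch
newer than every recorded fix inherits it, an older branch does not) is assumed."""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# CVE -> {release major: first fixed version on that branch}, in chain order.
DARKSWORD_FIXES: Dict[str, Dict[int, str]] = {
    "CVE-2025-31277": {18: "18.6"},                # JSC JIT type confusion (entry, 18.4-18.5)
    "CVE-2025-43529": {18: "18.7.3", 26: "26.2"},  # JSC DFG garbage-collection bug (entry, 18.6-18.7)
    "CVE-2026-20700": {26: "26.3"},                # dyld PAC bypass; only 26.3 is listed as fixed
    "CVE-2025-14174": {18: "18.7.3", 26: "26.2"},  # ANGLE: WebContent -> GPU process escape
    "CVE-2025-43510": {18: "18.7.2", 26: "26.1"},  # copy-on-write kernel memory bug
    "CVE-2025-43520": {18: "18.7.2", 26: "26.1"},  # XNU VFS race: kernel read/write
}
ENTRY_BUGS = ("CVE-2025-31277", "CVE-2025-43529")
MODELLED_BRANCHES = (18, 26)  # the only branches the disclosure gives fix data for


def parse_version(text: str) -> Version:
    """'18.7' -> (18, 7, 0); zero-padding matters because (18, 6) < (18, 6, 0)."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected iOS version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def is_exposed(cve: str, version: Version) -> bool:
    """True if this build predates the fix on its branch (or its branch never got one)."""
    fixes = DARKSWORD_FIXES[cve]
    major = version[0]
    if major in fixes:
        return version < parse_version(fixes[major])
    return major < min(fixes)  # assumption: fixes carry forward, never backward


def assess(version_text: str) -> Dict[str, object]:
    """Exposed CVEs plus whether an entry bug and every later stage are all open."""
    version = parse_version(version_text)
    if version[0] not in MODELLED_BRANCHES:
        raise ValueError(f"no DarkSword fix data for iOS {version[0]}.x")
    exposed: List[str] = [c for c in DARKSWORD_FIXES if is_exposed(c, version)]
    entry_open = any(c in exposed for c in ENTRY_BUGS)
    later_open = all(c in exposed for c in DARKSWORD_FIXES if c not in ENTRY_BUGS)
    return {"version": version_text, "exposed": exposed,
            "full_chain_open": entry_open and later_open}
```

Running `assess("18.7.5")` shows the point worth checking in fleet reports: by the page's own patch data, an 18.7.x device still lacks the dyld PAC bypass fix even though no JavaScriptCore entry bug remains open.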
Three actors, three implants, four countries
UNC6748 used a Snapchat-themed phishing site (snapshare[.]chat) to deliver DarkSword in Saudi Arabia starting November 2025. Its implant, GHOSTKNIFE, is a JavaScript backdoor that exfiltrates signed-in accounts, messages, browser data, location history, and audio recordings. GHOSTKNIFE communicates with C2 servers over a custom binary protocol encrypted with ECDH/AES and actively deletes crash logs to evade forensics.
PARS Defense deployed the chain against targets in Turkey in late November 2025 with better operational security. Exploit loaders were obfuscated. Exploit delivery between server and victim was encrypted with ECDH/AES. iOS version detection worked correctly. A different PARS Defense customer used the same chain in Malaysia in January 2026. Their implant, GHOSTSABER, supports 16+ commands including arbitrary SQL queries against any SQLite database on the device.
UNC6353 ran watering hole attacks on compromised Ukrainian websites from December 2025 through March 2026. Compromised sites loaded a malicious script from static.cdncounter[.]net. A Russian-language comment in the source reads "если uid всё ещё нужен — просто устанавливаем" ("if uid is still needed, just install it"). The GHOSTBLADE implant takes a "hit-and-run" approach. It grabs iMessage, Telegram, WhatsApp, call logs, contacts, keychains, and Wi-Fi passwords. It also harvests photos, iCloud Drive, Notes, Health data, Safari history, and crypto wallets, then cleans up within minutes. GTIG collaborated with CERT-UA to mitigate the campaign.
Your experienced Russian threat actors, your APT29s of the world, I would expect them to have better OPSEC.
— Justin Albrecht, global director of mobile threat intelligence, Lookout
GTIG spotted telling differences in deployment. UNC6748 had logic bugs in its loader, serving the wrong iOS version's exploit in some cases. PARS Defense deployed with correct version routing and encryption. UNC6353 routed correctly but only supported iOS 18.4 through 18.6 despite operating later than the other actors.
Second iOS mass-exploitation kit in a month
DarkSword is the second iOS exploit kit disclosed in under a month. GTIG and iVerify reported the Coruna exploit kit earlier in March 2026. Coruna targeted 23 vulnerabilities in iOS 13 through 17.2.1, including nearly a dozen zero-days. UNC6353 has now used both Coruna and DarkSword against Ukrainian targets.
Lookout called UNC6353 "a Russia-backed privateer group or criminal proxy threat actor." The GHOSTBLADE sample contained debug logging and extensive code comments. Lookout found patterns suggesting LLMs helped create at least some implant code. A reference to startSandworm() appeared in the GHOSTBLADE libraries but was not implemented. Sandworm is GRU Unit 74455, though GTIG did not draw a direct connection.
Defenders need to treat mobile zero-days like enterprise-grade intrusion paths, which includes validating controls continuously and not assuming an intrusion will stay inside the box it's labeled with. 'Financial' and 'espionage' are convenient categories, but the same access and tooling can enable both outcomes in the same campaign.
— Pete Luban, field CISO, AttackIQ
Patches and what to do
GTIG reported all DarkSword vulnerabilities to Apple in late 2025. All six CVEs are patched. Most were fixed before iOS 26.3. CVE-2026-20700 (the PAC bypass zero-day) was patched in iOS 26.3. Google added all DarkSword delivery domains to Safe Browsing.
iVerify confirmed that Lockdown Mode blocks DarkSword. The iPhone 17's Memory Integrity Enforcement provides protection as well. iVerify is offering its Basic app for free until May. Apple has not published a statement on DarkSword.
Update to iOS 26.3.1 or iOS 18.7.6 immediately.
Users who cannot update should enable Lockdown Mode. A single visit to a compromised website is sufficient for device compromise, data exfiltration, and cleanup within minutes.