DarkSword Malware

DarkSword is a sophisticated piece of malware—probably government designed—that targets iOS.

Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payloads, we believe the exploit chain to be called DarkSword. Since at least November 2025, GTIG has observed multiple commercial surveillance vendors and suspected state-sponsored actors utilizing DarkSword in distinct campaigns. These threat actors have deployed the exploit chain against targets in Saudi Arabia, Turkey, Malaysia, and Ukraine.

DarkSword supports iOS versions 18.4 through 18.7 and utilizes six different vulnerabilities to deploy final-stage payloads. GTIG has identified three distinct malware families deployed following a successful DarkSword compromise: GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER. The proliferation of this single exploit chain across disparate threat actors mirrors the previously discovered Coruna iOS exploit kit. Notably, UNC6353, a suspected Russian espionage group previously observed using Coruna, has recently incorporated DarkSword into their watering hole campaigns.

A week after it was identified, a version of it leaked onto the internet, where it is being used more broadly.

This news is a month old. Your devices are safe, assuming you patch regularly.

Posted on May 5, 2026 at 6:42 AM

Comments

Alan May 5, 2026 8:39 AM

Your devices are safe, assuming you patch regularly.

They were never safe and still aren’t. There are surely more exploits actively being used and yet to be developed.

Clive Robinson May 5, 2026 9:45 AM

@ Bruce,

“Your devices are safe, assuming you patch regularly.”

Err that is a “full on admission” that they are,

1, Not safe now.
2, For any given level of useful utility they never will be safe.

Which is a point I’ve been making for a while now.

@ Alan, ALL,

Which is why I suspect @Alan notes,

“They were never safe and still aren’t. There are surely more exploits actively being used and yet to be developed.”

As I’ve noted and indicated, there is actually proof that software beyond a certain point cannot be trusted, and will always be vulnerable in some way.

Worse the more complex the software the more likely it is to be not just vulnerable but untrustworthy.

Arguably this is why current “AI LLM and ML Systems” are failures in so many important ways.

For those that want some of the reasoning behind this, I gave it again just yesterday…,

https://www.schneier.com/blog/archives/2026/05/hacking-polymarket.html/#comment-454200

But aside from the nitty gritty details of the proof, for quite some time now I’ve talked about “instances” of vulnerabilities falling in “classes” of vulnerability attributes; thus we have overall, in terms of “instances, classes”,

1, “Known, Knowns”
2, “Unknown, Knowns”
3, “Unknown, Unknowns”

Where the “Known, Knowns” can be found by “search and match” methods that LLMs can do, provided sufficient “class” information gets fed into the ML stage.

Some “Unknown Knowns” can be found by semi-stochastic methods that are in effect “fuzzing”. Whilst LLM systems can find a few of these, the number falls off quite rapidly down to a base probability. Humans can apply various forms of “reasoning”, and the new classes and instances thus reasoned out are known as “black swans”.

As for “unknown unknowns”, this needs “reasoning” about attributes that form new classes in which new instances will fall. These are beyond even the “black swans” that can be reasoned out.

A classic description of this “beyond reasoning” is the “Duck-Billed Platypus” (Ornithorhynchus anatinus). Unlike a “black swan”, which can be reasonably reasoned out, the platypus is an animal of such mixed and unrelated attributes that you would not be capable of reasoning it out logically, and thus would assume it was a “fantastical creature” on hearing it described,

https://en.wikipedia.org/wiki/Platypus

The point is software is such these days that it is not “reasoned out” by logic, it is just “stitched together” from odd unrelated parts…

As such the joining seams will almost always not match or fit together securely, thus leaving problems, many of which have not been, nor can be, envisioned currently or in the future…

Madame May 5, 2026 2:18 PM

@Bruce should have written

“Your devices are safe from this exploit, assuming you patch regularly.”

Clive Robinson May 5, 2026 2:28 PM

@ ALL,

Sent in parts due to auto-mod.

Part 3,

The second point to note is,

<

blockquote>“At least some parts of the Coruna toolkit, as TechCrunch previously reported, were originally developed by Trenchant, a hacking and spyware unit within U.S. defense contractor L3Harris, which sells exploits to the U.S. government and its top allies.

Clive Robinson May 5, 2026 2:30 PM

@ ALL,

Sent in parts due to auto-mod.

Part 4,

Kaspersky has also linked two exploits in Coruna’s toolkit to Operation Triangulation, a complex and likely government-led cyberattack allegedly carried out against Russian iPhone users.

After Trenchant developed Coruna — somehow, it’s not clear how — these exploits found their way into the hands of Russian spies and Chinese cybercriminals, perhaps through one or several intermediaries who sell exploits on the underground market.”

That is, it was a US Defence designed exploit that somehow “got free” to the Chinese and Russian cyber-criminals and authorities.

Making the point that all “assistance to Law Enforcement” will fairly quickly be found and liberated and used by undesirables both authoritarian and criminal –though there is not much difference– against users who “mistakenly go with convenience rather than established reasonable OpSec”.

Clive Robinson May 5, 2026 2:32 PM

@ ALL,

Sent in parts due to auto-mod.

Part 5,

Which is why I really don’t recommend using “secure messaging apps” etc on a device where an attacker can easily “reach around” the “security end point” and access the plaintext user interface…

But much worse especially as even if such apps are “information secure” they are very very rarely “meta data secure”… So do paint a target on your back needlessly just from “network traffic observation” by an opponent who at any point may become hostile (think Great Fire-Wall of China and similar going in everywhere) …

I’ve described in the past a way to stop this “reach around attack” against “your security end point” OpSec issue with just a pencil and paper. Whilst it lacks “convenience” it does demonstrate the steps you should think about following, if your personal security is important to you.

Clive Robinson May 5, 2026 2:33 PM

@ ALL,

Sent in parts due to auto-mod.

Part 6,

Once you understand the OpSec you can then decide how you make such a system “more convenient” for use… But as the oft repeated warning says,

“Don’t roll your own crypto / security system”

Because it’s all too easy to get it wrong if you try to make it too clever / convenient…

[1] If you use your Apple device as only a “communications node” rather than a “user display/play device”, then provided the security you use on the actual “message” is sufficient, this current malware only allows access to user message ‘meta-data’ and ‘Cipher-Text’, not the actual message ‘plain-text’.

Diego May 5, 2026 11:29 PM

This post has fueled my passion for my most favorite recurring trend in all of Cybersecurity: Really cool names. As I’ve been learning more and more, there’s just cooler and cooler names. Like really, “DarkSword.” Not too long ago I read about “StarKiller.” May I develop my own tool so I have the opportunity to name it!

On a real note, dang. New tools being made to exploit zero-days just keep coming. I see how it’s a constant struggle for security teams to keep up. Hopefully AI can prove itself as a great tool to help them keep up. Mythos seems to be a great tool to start, but will attackers always have the upper hand? Maybe. I think for security to keep up businesses would need to take it more seriously, investing more resources to help grow and refine it. Would that happen? Probably not.

lurker May 5, 2026 11:31 PM

@Clive Robinson, Moderator

Do you mean if the Comment content starts with a “blockquote” tag?
Because I’ve not had any trouble with that here …

Winter May 6, 2026 2:10 AM

Blockquote

@lurker, Clive

> Do you mean if the Comment content starts with a “blockquote” tag?

I use the > at the start of a line, like above.

instead of blockquote, like this

Weather May 6, 2026 4:25 AM

@Winter lurker clive

Last time I looked, this site did have Javascript; I think Clive should contact the Mod another way about XSS.

Weather May 6, 2026 4:51 AM

@All

Probably a really old bug, on Windows:
“Http://www.google.com” and “http://aaaaaaaaaaaafggwe.com”, e.g., both equal 0x375fe5a; do 7 duplicates of the same cache hash, which has a >= error; it has to be done before the CPU switches threads.

@Winter, lurker, Clive: html tags can be bad as well.

Weather May 6, 2026 4:29 PM

@All, Clive

” Don’t roll your own crypto / security system”

Give me 2 weeks and I’ll post prototype code. I’d like to see someone crack it.

r May 6, 2026 10:51 PM

@weather,

the funny thing about ‘cracking’ a distribution system is that it might not be declassified for 50 years.

it’s in the interest of ‘national security agencies’ logic to present a false sense of safety.

we may have an academic interest in various attacks, or an academic interest in researching methods of privatization but; it’s also within their interests to not enable conspiracy.

the recommendation to use off-the-shelf crypto is “good enough” to protect from those who suffer from financial blockades, but for those with the resources to pollute NIST and maintain decades and decades of institutional knowledge, or enforce lavabit-like dilemmas upon companies that refuse escrow or logging, i don’t know. etc etc

FAANG (google v fdroid, microsoft, apple), facebook, and CAs

it’s the first step in submitting ourselves to an AGI when you start to wonder about losing ground to research and development capable AI.

i apologize if i am not being clear, i’m regularly accused of being hard to follow.

Clive Robinson May 6, 2026 10:55 PM

@ Diego,

With regards,

<

blockquote>”New tools being made to exploit zero-days just keep coming. I see how it’s a constant struggle for security teams to keep up.”

<

blockquote>

There will always be new “zero-days” coming down the pipeline. Because as our level of understanding / sophistication grows, so will our ability to,

1, Reason out not just new “black swan” classes of attack vulnerability instances.
2, But also spot the equivalent of entire new unforeseeable “platypus” classes rippling the surface of the water as they swim by…

With regards,

“Hopefully AI can prove itself as a great tool to help them keep up.”

That’s actually unlikely with current AI LLM and ML systems. Because in reality they can only “pattern match” to existing “known classes” of vulnerability that were in the “training data”, with some minor random close variations.

So as you note, whilst,

“Mythos seems to be a great tool to start, …”

It actually offers the same advantages and disadvantages to both sides on a “coin toss probability”.

However we then have to think further about the consequences of that on the $64,000 question you ask,

“But will attackers always have the upper hand?”

The answer is –put simply– “yes” based on just “time constraint issues” and that “attackers can work deep out of sight” developing first a “Proof of Concept”(POC) and then developing it into a fully developed APT attack. Whilst “defenders have to work in everyone’s sight” thus they don’t progress even as far as a POC in some cases before “attackers” get to know of the new attack instance and class “methods” and work them into their existing attack chains or attack chain prototypes.

That is for an attacker, if Mythos gives them a new instance/class only that individual attacker knows it, thus “has time” to develop not just a POC but a nicely integrated attack within their existing tool chain sets.

A defender only gets to see that new instance/class and work on it when three things have already happened,

1, It’s been developed into a “fully fledged” attack.
2, The use of the attack in some way shows up “in the logs” as anomalies “to be noticed”.
3, The log anomalies actually get both noticed and recognised as an attack by defenders with spare resources.

The third point being why we named certain stealthy and focused attackers as “Advanced Persistent Threats”(APTs). The second point is unfortunately why some APT attacks may go undetected for years. With the first point being why some APT attacks never get resolved… That is we get to see “payload” but not “intrusion” and why we knee-jerk call such stealth attacks as being “level III” or “State Level”.

Now consider that Mythos hands defenders a new instance/class of attack… Ask the question of what time constraints the defenders have on them, and the fact that as of yet nobody has produced more than a POC and not integrated it into attack tools and the resulting attack chains.

But further consider that new instance/class of APT attacks are increasingly now “compound attacks”. Where two or more zero-days are concatenated for each attack put into use. Some have used four or more zero-days and this makes the defenders job increasingly time and other resource constrained.

r May 6, 2026 11:03 PM

once they plug an LLM or an AGI into analysis we may lose the battle on what is known to be decryptable, the AGI doesn’t have to disclose shit.

r May 6, 2026 11:18 PM

the point of this being the same as the “going dark” argument isn’t lost on me.
