Tech giant Apple has issued a stark warning to millions of iPhone users worldwide, urging them to update their devices immediately following the discovery of powerful new spyware capable of silently infiltrating phones running outdated software.
The malicious software, dubbed “Darksword”, represents a significant escalation in mobile cyber threats. According to cybersecurity researchers at Lookout, iVerify, and Google, the spyware can compromise devices running versions of Apple’s iOS operating system released between March and August 2025, specifically iOS 18.4 through to 18.6.2.
Experts estimate that between 220 and 270 million iPhones worldwide may still be running these vulnerable versions, placing a vast number of users at potential risk.
Darksword is designed to operate covertly, making it particularly dangerous. Once installed, it can harvest a wide range of sensitive data, including emails, usernames, passwords, personal photographs, and even cryptocurrency wallet details. Researchers describe it as a “highly sophisticated” and professionally engineered platform, indicative of a growing and increasingly commercialised market for advanced surveillance tools.
While the full scale of the threat remains unclear, early analysis suggests the spyware has been deployed in targeted campaigns. Among those reportedly affected are Ukrainians believed to be of interest to Russian intelligence, Chinese cryptocurrency users, and individuals in countries including Saudi Arabia, Turkey, and Malaysia. This pattern points to the continued use of cyber tools in geopolitical and financial espionage.
The discovery of Darksword follows closely on the heels of another spyware tool, “Coruna”, revealed earlier this month by Google and iVerify. Coruna has been linked to Russian intelligence groups and Chinese cybercriminal networks. Notably, investigators found that Darksword was hosted on the same infrastructure previously associated with Coruna, raising concerns about coordination or shared resources among threat actors.
Security analysts warn that these developments signal a troubling shift. John Scott-Railton of the Citizen Lab described the situation as a turning point, noting that the “barrier to entry for widespread, devastating mobile attacks has been decisively lowered”. In practical terms, this means that increasingly sophisticated cyber weapons are becoming more accessible, potentially enabling a broader range of actors to launch high-impact attacks.
Perhaps most concerning for everyday users is the near invisibility of such threats. Unlike traditional malware, which may cause noticeable disruptions, spyware like Darksword is engineered to remain undetected. “The scary takeaway for regular users is they can’t spot this attack,” Scott-Railton warned, underscoring the importance of preventative measures rather than reactive ones.
In response, Apple has emphasised that its latest operating system, iOS 26, released in September, includes protections against both Darksword and Coruna. The company has also taken the unusual step of issuing a targeted security update for older devices that are incapable of running the newest software, specifically to patch the vulnerabilities being exploited.
Apple spokesperson Sarah O’Rourke stressed that user vigilance remains critical. “Keeping software up to date remains the single most important thing users can do to maintain the high security of their Apple devices,” she said.
The warning serves as a timely reminder of the evolving nature of digital threats. As smartphones continue to store ever greater amounts of personal and financial information, they have become prime targets for increasingly sophisticated cyberattacks. For users, the message is clear: failing to update your device is no longer a minor oversight; it could leave the door wide open to invisible intruders.
With the scale of potential exposure running into the hundreds of millions, this latest alert highlights a growing reality of modern life: cybersecurity is no longer optional but essential.
