Discovery is the second uncovered this month targeting Apple devices
The market for malware capable of stealing data and cryptocurrency is flourishing, with researchers at Google and cybersecurity firms iVerify and Lookout revealing the discovery of a new hacking tool.
The technique, known as DarkSword, is being used by Russian hackers to take over devices running iOS 18 that simply visit infected websites.
The technique doesn't affect the latest updated versions of iOS, but close to a quarter of iPhones still use the previous operating system.
iVerify's cofounder and CEO, Rocky Cole, said: “A vast number of iOS users could have all of their personal data stolen simply for visiting a popular website.
“Hundreds of millions of people who are still using older Apple devices or older operating system versions remain vulnerable.”
The latest hacking discovery comes just two weeks after a more sophisticated hacking toolkit was discovered being used by what Google described as a Russian state-sponsored espionage group, alongside other hacker groups.
An Apple spokesperson said that “every day Apple's security teams around the world work tirelessly to protect users' devices and data.”
All malicious domains identified by Google have since been blocked by Apple Safe Browsing in the Safari web browser.
DarkSword is designed to steal data from vulnerable iPhones, including passwords and photos, logs from iMessage, WhatsApp, and Telegram, browser history, Calendar and Notes data, and data from Apple's Health app.
DarkSword also steals users' cryptocurrency wallet credentials.
The infection doesn't persist on a phone after it reboots, but instead steals data from the phone within the first few minutes after it's hacked, which Cole calls a “smash-and-grab” approach.
The creator of DarkSword is still unknown, but researchers agree that it was probably not built by the Russian hackers deploying it.
Instead, they suspect a “broker” firm that buys and sells hacking techniques is responsible for the technology.
