Researchers have identified a new spyware called DarkSword that is specifically targeting iPhone users in Malaysia and other countries, including Ukraine, Saudi Arabia, and Turkey. This revelation highlights the growing prevalence of advanced mobile hacking tools within a complex ecosystem involving both commercial and criminal interests.
DarkSword employs a watering hole strategy, compromising legitimate websites likely to be visited by users to infiltrate their devices and extract sensitive information such as messages, call logs, and location history. This technique enables attackers to discreetly access personal data.
Unveiled by researchers from iVerify in collaboration with Google and Lookout, DarkSword's operation was linked to various actors, including state-affiliated entities and commercial surveillance firms. Google’s Threat Intelligence Group reported that the exploit chain has been traced back to November 2025, with connections to Turkish spyware vendor PARS Defence and a Russian espionage group known as UNC6353.