DarkSword malware is actively targeting iPhone users through sophisticated phishing emails that impersonate the Atlantic Council to exploit critical vulnerabilities in iOS versions 18.4 through 18.7.

Key points

• Proofpoint identified phishing campaigns using malicious links to infect iPhones via the Safari browser.
• The attacks are suspected to originate from Russia’s Federal Security Service, targeting international organizations.
• DarkSword exploits multiple iOS vulnerabilities, allowing remote malware installation on unpatched devices.
• Apple released security patches for iOS 15 and 16 on March 11, 2026, to protect older hardware.
• Users are urged to update their devices immediately to mitigate risks from the leaked hacking tool.

The public leak of the DarkSword tool has significantly lowered the barrier for cybercriminals to execute sophisticated mobile attacks. This campaign highlights the urgent need for users to maintain updated software to defend against evolving threats targeting mobile operating systems.