Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
  • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Podcasts
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Podcasts
Follow US
© 2026 By Crypto Times. All Rights Reserved.
DeFi News

DarkSword iOS Attacks: Compromised Websites Puts User’s Crypto at Risk

Ledger CTO says it targets iOS globally, using compromised sites to steal data, monitor activity, and take full control of devices instantly.

Written By Kenrodgers Fabian Kenrodgers Fabian
Fact Checked by Gopal Solanky Gopal Solanky
Published March 19, 2026 1:03 PM
Make The Crypto Times preferred on GoogleGoogle
Share
DarkSword iOS Attacks Compromised Websites Puts User’s Crypto at Risk

Key Highlights

  • DarkSword exploits iOS flaws to fully compromise devices, targeting users worldwide.
  • Malware families like GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER steal data and monitor activity.
  • Visiting a compromised site can trigger full device control without any user action.

A new iOS exploit dubbed DarkSword is actively targeting users worldwide, putting crypto assets and personal data at immediate risk. The attack leverages multiple zero-day vulnerabilities in iOS versions 18.4 through 18.7, delivering full device compromise without any user interaction. 

According to Charles Guillemet, CTO at Ledger, DarkSword is “already deployed at scale via watering-hole attacks” and has affected users in Ukraine, Saudi Arabia, Turkey, and Malaysia. One visit to a compromised website can trigger full surveillance, data exfiltration, and total device control. This marks a shift from rare, targeted exploits to industrialized, mass-level attacks.

The CTO also highlighted that this emerges just days after Google’s March 3, 2026 disclosure of Coruna—a leaked nation-state kit exploiting 23 flaws across iOS 13-17.2.1, which compromised thousands through similar web lures. 

🚨Only days after Coruna, one of the first large-scale iOS exploit kits, DarkSword is already being exploited in the wild.

Coruna showed the pattern: state-grade iOS exploits don’t stay in government hands. They leak, spread, and end up in broader ecosystems. One visit to a…

— Charles Guillemet (@P3b7_) March 18, 2026

Google’s Threat Intelligence Group (GTIG) confirmed in a blog post that DarkSword has been around since November 2025 and is being used by commercial surveillance providers and state-sponsored actors.

As per the group, the malware chain makes use of a number of malware families, including GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER.

Each malware variant infiltrates different types of data, ranging from messages and browser history to microphone recordings. Besides, the exploit fully bypasses iOS security layers, including WebContent and GPU sandbox protections.

How DarkSword works

DarkSword takes advantage of six separate weaknesses in iOS to take over a device. It starts by exploiting Safari’s JavaScript engine to run malicious code. Older iPhones are hit through one flaw, while newer versions rely on another, both combined with a method to bypass Apple’s security checks. 

This gives attackers deep access to the device’s core system. From there, the exploit breaks out of Safari’s restricted environment and moves into higher-level system processes, letting it run the final malware. 

Finally, it escalates privileges to gain full control of the phone. Remarkably, the entire attack runs through JavaScript, so attackers don’t need to install any unsigned apps or files.

Targeted campaigns and malware families

Several groups have been adapting DarkSword for their own attacks. UNC6748 targeted users in Saudi Arabia through fake Snapchat websites, using GHOSTKNIFE to steal accounts and monitor activity. PARS Defense focused on users in Turkey and Malaysia, deploying GHOSTSABER along with encrypted exploits and tools to track devices. 

Meanwhile, UNC6353, believed to be linked to Russian espionage, went after Ukrainian websites with GHOSTBLADE, a tool designed to collect data. While GHOSTBLADE doesn’t maintain ongoing access, it still deletes crash logs to hide its presence.

Experts warn that DarkSword marks a new level of iOS threats. Unlike older attacks, it can compromise anyone who visits legitimate websites. Therefore, users should assume their devices could be at risk and exercise extreme caution at all times.

Also Read: Coinbase Commerce Faces Backlash Over ‘Unsafe’ Seed Phrase Tool

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News
Google News Banner

TAGGED:Crypto Hack
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link

Latest News

Demo Live
Prediction Market Fight May Reach Supreme Court CFTC Chair Selig
Prediction Market Fight May Reach Supreme Court: CFTC Chair Selig
Anchorage Bets Big on AI Economy With New Banking Model
Anchorage Bets Big on AI Economy With New Banking Model
Tapnob Rolls Out Crypto-to-Naira Payment Platform in Nigeria
Tapnob Rolls Out Crypto-to-Naira Payment Platform in Nigeria
Clarity Act on Fast Track Senator Moreno Sets July 4 Deadline
Clarity Act on Fast Track? Senator Moreno Sets July 4 Deadline

Find Us on Socials

You may also like

$295M Hack Fallout: Drift Protocol Rolls Out User Recovery Plan

$295M Hack Fallout: Drift Protocol Rolls Out User Recovery Plan

Aave vs Gerstein: Harrow Court Clash Over $71M Stolen ETH Linked to Kelp DAO Hack

Aave vs Gerstein Harrow: Court Clash Over $71M Stolen ETH Linked to Kelp DAO Hack

Ripple Teams Up with Crypto ISAC to Stop North Korean Hackers

Ripple Teams Up with Crypto ISAC to Stop North Korean Hackers

Aave Files Motion to Unfreeze $71M ETH Tied to KelpDAO Exploit

Aave Files Motion to Unfreeze $71M ETH Tied to KelpDAO Exploit

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Podcasts

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information