Inside DarkSword: A New iOS Exploit Kit Delivered Via Compromised Legitimate Websites

Inside DarkSword: A New iOS Exploit Kit Delivered Via Compromised Legitimate Websites

Mobile EDR for the modern threat landscape

iVerify brings operating system-level telemetry, behavioral baselining, and AI-driven threat hunting to hundreds of thousands of mobile devices

Request a free trial

Featured on

Exploit scarcity is dead

Mobile zero-days are on the rise

Mobile zero-days are on the rise

67%

67%

increase in mobile zero-days, 2024–2025

increase in mobile zero-days, 2024–2025

~90%

of zero-day chains target mobile

of zero-day chains target mobile

40
30
20
10
0
Pegasus
2010–18
4
2019
11
2020
FORCEDENTRY
17
2021
Predator
7
2022
Triangulation
18
2023
9
2024
20
2025
DarkSword & Coruna
30
2026

Rare and targeted | 2010–2018

Abundant | 2019-2025

AI-Accelerated | 2026

DarkSword

DISCOVERED BY

iVerify & Google TAG

DISCOVERY DATE

Mar 18, 2026

Platforms

iOS 18.4 — 18.7

Delivery

Zero-click · browser-to-OS chain

Impact

Up to 270M devices potentially affected

SUMMARY

Zero-click browser-to-OS exploit. Achieves complete data exfiltration including Wi-Fi passwords, messages, call history, and location. Two mass iOS exploits in one month.

Learn More

40
30
20
10
0
Pegasus
2010–18
4
2019
11
2020
FORCEDENTRY
17
2021
Predator
7
2022
Triangulation
18
2023
9
2024
20
2025
DarkSword & Coruna
30
2026

Rare and targeted | 2010–2018

Abundant | 2019-2025

AI-Accelerated | 2026

DarkSword

DISCOVERED BY

iVerify & Google TAG

DISCOVERY DATE

Mar 18, 2026

Platforms

iOS 18.4 — 18.7

Delivery

Zero-click · browser-to-OS chain

Impact

Up to 270M devices potentially affected

SUMMARY

Zero-click browser-to-OS exploit. Achieves complete data exfiltration including Wi-Fi passwords, messages, call history, and location. Two mass iOS exploits in one month.

Learn More

Live · 2026
DarkSword
40
30
20
10
0
2010–18
4
2019
11
2020
17
2021
7
2022
18
2023
9
2024
20
2025
30
2026

Rare and targeted | 2010–2018

Abundant | 2019-2025

AI-Accelerated | 2026

Previous

Next

DarkSword Details

DISCOVERED BY

iVerify

DISCOVERY DATE

Mar 18, 2026

Platforms

iOS 18.4 — 18.7

Delivery

Zero-click · browser-to-OS chain

Impact

Up to 270M devices potentially affected

SUMMARY

Zero-click browser-to-OS exploit. Achieves complete data exfiltration including Wi-Fi passwords, messages, call history, and location. Two mass iOS exploits in one month.

Learn More

MOBILE THREAT DEFENSE IS DEAD

Introducing mobile endpoint detection and response

Introducing true mobile endpoint detection and response

Legacy MTD Solutions

Signatures.
Network-dependent.
Blind to the kernel.

Tricks, not telemetry

Conflicts with VPNs

Stagnant against AI-Driven exploits

Has MTD failed you? Chat with us.

iVerify Mobile EDR

Operating system telemetry.
Behavioral baselining.
Threat hunting at AI speed.

Process, file system, crash logs, and memory monitoring

Stands alone — no network VPN required

Near-zero false positives on critical alerts

Request a free trial

You can't stop the threats you can't see

Employees use their phones to access corporate applications where they receive MFA codes, store session tokens, and handle sensitive communications, but unlike laptops and servers, mobile has operated with little to no visibility until now.

SOC Coverage Gap

Your SOC sees every endpoint, except the one in every pocket.

Active Compromise

MDM reports compliance. It can't report compromise.

Exposed BYOD

Personal devices reach corporate systems without security visibility.

Malware and Spyware

Detect Pegasus, Coruna, and DarkSword before they reach your data.

Enterprise Account Takeover

Stop smishing, vishing, and SIM swap at the source.

High-Risk Travel

The threat model changes the moment your employees board a plane.

AI-Accelerated Exploitation

AI closed the gap between vulnerability disclosure and active exploit.

Mobile App Vetting

Every approved app is a data leak vector, including shadow AI.

What makes iVerify different

Mobile DFIR

Threat Hunting

Sample Capture

AI Red Team

Secure Supply Chain

Mobile DFIR

Our experts are world-renowned mobile forensics researchers who are creating the playbook your security team learns from. Ex-Apple, former intelligence and law enforcement, current innovators. On staff, not on speed dial.

WHAT WE COLLECT

iOS Unified Logs and Sysdiagnose — OS and process state

Android process traces, logcat, crash logs, app inventory, filesystem artifacts

FSMetadata — file system mutation history

Crash content, including pre-crash memory snapshots

Why it matters

Everyone else watches the network. We watch the OS.

iOS Unified Logs

sYSDIAGNOSE

FSMETADATA

Billions

forensic Datapoints in knowledge graph

10k+

Artifacts Automatically analyzed

<5 min

avg forensic capture

Mobile DFIR

Threat Hunting

Sample Capture

AI Red Team

Secure Supply Chain

Mobile DFIR

Our experts are world-renowned mobile forensics researchers who are creating the playbook your security team learns from. Ex-Apple, former intelligence and law enforcement, current innovators. On staff, not on speed dial.

WHAT WE COLLECT

iOS Unified Logs and Sysdiagnose — OS and process state

Android process traces, logcat, crash logs, app inventory, filesystem artifacts

FSMetadata — file system mutation history

Crash content, including pre-crash memory snapshots

Why it matters

Everyone else watches the network. We watch the OS.

iOS Unified Logs

sYSDIAGNOSE

FSMETADATA

Billions

forensic Datapoints in knowledge graph

10k+

Artifacts Automatically analyzed

<5 min

avg forensic capture

Mobile DFIR

Threat Hunting

Sample Capture

AI Red Team

Secure Supply Chain

Mobile DFIR

Our experts are world-renowned mobile forensics researchers who are creating the playbook your security team learns from. Ex-Apple, former intelligence and law enforcement, current innovators. On staff, not on speed dial.

WHAT WE COLLECT

iOS Unified Logs and Sysdiagnose — OS and process state

Android process traces, logcat, crash logs, app inventory, filesystem artifacts

FSMetadata — file system mutation history

Crash content, including pre-crash memory snapshots

Why it matters

Everyone else watches the network. We watch the OS.

iOS Unified Logs

sYSDIAGNOSE

FSMETADATA

Billions

forensic Datapoints in knowledge graph

10k+

Artifacts Automatically analyzed

<5 min

avg forensic capture

LEARN FROM OUR TEAM

Featured blogs and research

Why Your Current Security Stack Can’t Detect SMS Threats

Ivan

Foreman

How SmishGuard Preserves User Privacy While Detecting Smishing Threats

Spencer

Parker

How SmishGuard Detects Smishing Before Users Engage

Spencer

Parker

Why Your Current Security Stack Can’t Detect SMS Threats

Ivan

Foreman

How SmishGuard Preserves User Privacy While Detecting Smishing Threats

Spencer

Parker

How SmishGuard Detects Smishing Before Users Engage

Spencer

Parker

Smishing Detection for Enterprises: What to Look for in a Tool

Jan

Rosenfeld

Stop defending mobile
like it's 2015

Stop defending mobile like it's 2015

Secure your fleet