DarkSword: This iPhone malware steals your data and erases itself before you know it

You might’ve seen news reports about how the Malaysian Communications and Multimedia Commission (MCMC) is calling for everyone using iPhones to update them as soon as they can. That’s because there’s a new iOS exploit chain going around called DarkSword, which uses several known vulnerabilities in older iOS versions to deploy malware and spyware onto iPhones.
But what exactly is this DarkSword thing, you ask? And what exactly has happened in Malaysia that even the MCMC is asking Malaysians to update their iPhones?
DarkSword was discovered by researchers at Google Threat Intelligence Group (GTIG), who found that it has been going around in the wild since at least November 2025. GTIG claims that multiple commercial surveillance companies and state-sponsored actors have used DarkSword across various campaigns in Saudi Arabia, Turkey, Ukraine and indeed, Malaysia too. DarkSword is particularly scary as it exploits iPhones running iOS 18.4 to 18.7, and you can get infected simply by visiting a malicious or compromised website with a vulnerable device.
Specifically, GTIG found activity in Malaysia associated with Turkish commercial surveillance vendor PARS Defense. GTIG says that the incident in Malaysia used a backdoor known as GHOSTSABER, which is capable of device and account enumeration, file listing, data exfiltration and execution of arbitrary code. They found that the GHOSTSABER backdoor tried to execute code that would’ve sent audio recorded from the device’s microphone, along with its location, to a separate server.
GTIG also revealed that the DarkSword delivery in Malaysia used a spoofed Malay Mail website, “e5[dot]malaymoil[dot]com”, so it’s perhaps worth checking your browsing history.
However, that’s not the only malware that used DarkSword to get into iPhones. GTIG says there are two more seen in other DarkSword attacks: GHOSTBLADE and GHOSTKNIFE. GHOSTBLADE not only exfiltrates your data but also targets cryptocurrency data, apps and wallets in particular. GHOSTBLADE and GHOSTKNIFE have also been spotted with code that can delete crash reports, covering their tracks and hiding themselves from the user.

With all that being said, while you might not like iOS 26 and its Liquid Glass theme, the best way to protect yourself is to update your iPhone, especially if you’re currently on iOS 18. To do so, you can simply head over to the Settings page, tap on General and find Software Update to begin updating. If you believe that you’ve been compromised or are otherwise unable to update, you can enable Lockdown Mode under Privacy & Security in Settings.

