A sophisticated new exploit kit, codenamed DarkSword, has been identified targeting Apple iOS devices, capable of achieving full device takeover and stealing sensitive data. Reports from Google Threat Intelligence Group (GTIG), iVerify, and Lookout indicate that DarkSword has been actively wielded by various threat actors since at least November 2025.

The DarkSword exploit kit is described as a full-chain exploit, leveraging six distinct flaws, including three zero-day vulnerabilities, to compromise iOS devices. This allows threat actors to gain complete control over a target’s device and exfiltrate private information.

According to GTIG, the advanced capabilities of DarkSword are being utilized by multiple commercial surveillance vendors. Additionally, suspected state-sponsored actors are among those employing the exploit kit, highlighting its significance in the landscape of targeted cyber espionage.

The emergence of DarkSword underscores an evolving threat to iOS security, demonstrating the continued development of advanced tools by sophisticated groups for device exploitation and data theft.