The Google Threat Intelligence Group (GTIG), in coordination with industry partners Lookout and iVerify, has identified a new threat that exploits multiple zero-day vulnerabilities to target Apple devices in critical geopolitical contexts. The mobile cybersecurity landscape has seen a significant evolution with the identification of “DarkSword“, a “full-chain” exploit designed to fully compromise iOS devices.
According to GTIG monitoring, this threat has been adopted by multiple actors, including commercial surveillance providers and state groups, to target targets in Saudi Arabia, Turkey, Malaysia and Ukraine. The proliferation of this tool among disparate actors follows patterns already observed previously, highlighting an increasingly active market in the exchange of advanced digital espionage tools.
From a technical point of view, DarkSword is compatible with iOS versions between 18.4 and 18.7. The chain exploits six different vulnerabilities to deliver final-stage payloads, identified in the GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER malware families. Groups that have integrated this exploit into their operations include UNC6353, a threat cluster previously associated with espionage campaigns, which recently adopted DarkSword for watering hole attacks. Vulnerabilities used include JavaScriptCore memory management flaws (CVE-2025-31277 and CVE-2025-43529) and Pointer Authentication Codes (PAC) bypass in dyld (CVE-2026-20700).
A relevant case study concerns the activity of group UNC6748, which used a Snapchat-themed counterfeit site to target users in Saudi Arabia in November 2025. The infection process involved the use of obfuscated JavaScript and dynamic IFrames to prevent reinfection of the same subjects and hinder researchers’ analysis. “The loader was modified to fetch an RCE payload,” simulating the behavior of legitimate applications to mask data exfiltration. Apple took steps to correct the flaws with the release of iOS 26.3, but the persistence of these attacks highlights the need for timely updates or, alternatively, the activation of “Lockdown Mode” for high-risk profiles.
The collective research confirms that the analysis of data and digital infrastructures is crucial not only for prevention, but as “near-real-time decision support”. Telematics and threat intelligence remain essential tools for understanding attack dynamics and protecting the integrity of mobile operating systems on a global scale. Through joint work with iVerify and Lookout, it was possible to map the domains involved and include them in the Safe Browsing protocols, ensuring a coordinated response to one of the most sophisticated threats of recent years.
https://www.monetwork.org/group-page/monetwork-group/discussion/1c62ec8a-e577-4da9-abf4-fc3d77cd73f6?commentId=6b90b994-efff-4276-b72c-b6e1239b7233
https://www.koboxingandfitnessmhk.com/group/mysite-231-group/discussion/49513e4b-a60f-46ed-bb45-aef756e58c3c?commentId=8e6e80b8-1cce-4050-967a-59e68622d4cc
https://www.alanrevere.com/group/alanrevere-group/discussion/640e575e-6e92-4fc1-b11c-eca81b39f84d?commentId=13436eaf-e467-4d93-a30d-70d2db7d08d2
https://www.zeemaps.com/map/ohiup?group=7001893&location=Bestavaripeta%2C%20Prakasam%2C%20Andhra%20Pradesh%2C%20IND
https://www.momstartshere.org/group/parents-with-a-preschooler/discussion/1a4fe5f0-8f7b-4856-adc6-8d5a187ebecd?disableScrollToTop=1&commentId=489f7e37-cf43-4aa4-bdb9-ccf93fc69bbd
https://telegra.ph/best-03-02-9
https://pub45.bravenet.com/forum/static/show.php?usernum=3828411584&frmid=32&msgid=1075154&cmd=show
https://ravingreferrals.com/groups/seo-company-in-gurgaon/forum/topic/hey-friends/#post-14175
https://www.trailduro.com/group/trailduro/discussion/5e523c72-f201-40d9-b6a1-2e15bcd5001c?commentId=78ee31d6-02e4-4f6e-9911-4f2b7db8d78c
https://www.friendsoftheyellowbarnstudio.org/group/friendsyellowbarn-group/discussion/accc7213-b57d-4ea5-a99c-1204e8b92bee?commentId=8c1de086-ffdb-4e30-bd50-3c9d74e71849
https://www.molecularcloud.org/p/hi-everyone
https://recordsetter.com/submit/review?pend=69c3e7ac-36a3-4d7a-94fd-3f84ac7dbed8
https://www.ezega.com/Communities/Forums/ShowThread/49340/Hey-all-I-came
https://www.gametracker.com/clan/ProRussianServers/forum.php?thread=206810
https://dev.to/bonosdeapuestasfinder/hi-there-a-friend-32hi
https://passnownow.com/topic/hello-everyone-7/
https://www.pcbgogo.com/feedback/RPM_sensor.html
https://www.saasinvaders.com/post/the-best-slack-apps-for-entrepreneurs-from-entrepreneurs
https://receptite.com/forum/viewtopic.php?f=7&t=1187&p=448000#p448000
https://www.reviewadda.com/asks/what-differences-in-intimacy-expectations-between-western-men-and-thai-women
https://l2network.eu/forums/index.php?/events/event/2942-hi-everyone/
https://cache.gametracker.com/clan/Dynamickillercs/forum.php?thread=206929
https://pbase.com/sandraxybfted/image/176150799
https://www.cobocards.com/pool/en/cardset/90j890326/online-karteikarten-best/
https://www.tumblr.com/savagemountainlair/809994004686077952/greetings-all-during-a-discussion-about-weekend