Google Threat Intelligence Group (GTIG), iVerify, and Lookout have identified DarkSword - a full iOS exploit chain weaponizing 6 vulnerabilities, including 3 zero-days (CVE-2026-20700, CVE-2025-43529, CVE-2025-14174), to achieve complete iPhone device takeover with no user interaction beyond clicking a link.
Three independent operators deployed DarkSword against targets in Saudi Arabia, Turkey, Malaysia, and Ukraine from at least November 2025: UNC6748, a financially motivated group targeting Saudi users via social engineering; PARS Defense, a Turkish commercial surveillance vendor operating in Turkey and Malaysia; and UNC6353, a suspected Russian espionage actor conducting watering hole attacks against Ukrainian civilians.
On March 23, 2026, the exploit kit - HTML, JavaScript exploit files, and deployment tooling - was leaked on GitHub, transforming a targeted attack tool into a commodity capability deployable by any actor within minutes.
KEY FACTS
- What: Full iOS exploit chain (6 vulnerabilities, 3 zero-days) achieving complete device compromise and rapid data exfiltration - messages, calls, location, credentials, cryptocurrency wallets, and browser data stolen within seconds to minutes before the implant self-cleans.
- Who: Targets in Saudi Arabia, Turkey, Malaysia, and Ukraine. The Saudi campaign targeted users via a Snapchat-themed social engineering lure. The Ukraine campaign used watering hole attacks on compromised legitimate websites including a government court domain and a regional news outlet.
- How: One-click exploit delivered via malicious webpage. Victim visits site (snapshare[.]chat for Saudi campaign, compromised Ukrainian sites for UNC6353 campaign), exploit chain fires automatically via JavaScript in Safari - WebKit memory corruption to ANGLE sandbox escape to kernel privilege escalation to data exfiltration. No further interaction required.
- Data: iMessage, WhatsApp, Telegram, and Signal conversations, email, photographs, GPS location, contacts, call logs, iCloud Keychain credentials, Wi-Fi passwords, Safari history and cookies, cryptocurrency wallet data from 40+ apps (Coinbase, Binance, MetaMask, Ledger, and others), calendar, Health data, and installed app inventory.
- Actor: Three independent operators identified by GTIG - UNC6748 (financially motivated, Saudi Arabia targeting via social engineering), PARS Defense (Turkish commercial surveillance vendor, Turkey and Malaysia), and UNC6353 (suspected Russian espionage, Ukraine via watering holes). PARS Defense is the only named commercial surveillance vendor.
- Impact: An estimated 270 million iPhones on vulnerable iOS versions at time of disclosure (iVerify). Full exploit kit leaked publicly on March 23, 2026. All six DarkSword vulnerabilities were patched by Apple between mid-2025 and February 2026, with iOS 18.7.3 (December 2025) and iOS 26.3 (February 2026) addressing the full chain. Lockdown Mode confirmed effective even on unpatched devices.
WHAT HAPPENED
The DarkSword exploit chain was first observed in the wild in November 2025. GTIG, Lookout, and iVerify published coordinated research disclosing DarkSword on March 18, 2026. A Lookout researcher initially flagged a suspicious URL path (/rce_module.js) that led to the identification of DarkSword - which was found to share infrastructure with the Coruna exploit kit, a separate iOS attack chain attributed to the same Russian threat actor (UNC6353).
GTIG's analysis revealed that the chain exploited 6 distinct vulnerabilities: two in JavaScriptCore (CVE-2025-31277 for iOS 18.4-18.5, CVE-2025-43529 for iOS 18.6-18.7), one in ANGLE for sandbox escape (CVE-2025-14174), one dyld pointer authentication bypass (CVE-2026-20700), and two in the XNU kernel (CVE-2025-43510, CVE-2025-43520). Three of these - CVE-2025-43529, CVE-2025-14174, and CVE-2026-20700 - were zero-days with no prior public disclosure or patch at the time of first exploitation.
The Saudi Arabia campaign - tracked by GTIG as UNC6748 - used a Snapchat-themed social engineering lure. Targets were directed to snapshare[.]chat, a domain designed to mimic a Snapchat content-sharing feature.
Certificate Transparency logs confirm the domain's first TLS certificate was issued October 2, 2025 via Let's Encrypt - one month before the first observed attacks. The lure page triggered the WebKit exploit via JavaScript in Safari.
The chain executed in stages: a JavaScriptCore memory corruption vulnerability (CVE-2025-43529) achieved initial code execution in the Safari WebContent process, an ANGLE out-of-bounds write (CVE-2025-14174) combined with a dyld PAC bypass (CVE-2026-20700) escaped the sandbox via the GPU process, and kernel vulnerabilities (CVE-2025-43510, CVE-2025-43520) escalated privileges to achieve kernel read/write - at which point GHOSTKNIFE deployed as an in-memory JavaScript-based implant that exfiltrated data rapidly before self-cleaning.
DarkSword does not persist across reboots - it operates as a smash-and-grab infostealer, collecting and exfiltrating targeted data within seconds to minutes, then removing its traces.
Three distinct malware payloads were identified across the campaigns, all written in JavaScript.
GHOSTBLADE is a dataminer deployed by UNC6353 in the Ukraine watering hole campaign - it collects and exfiltrates a wide variety of data including cryptocurrency wallet credentials, browser history, messages, location, and photos, but does not support additional modules or backdoor-like functionality.
GHOSTKNIFE is a JavaScript-based backdoor deployed by UNC6748 in the Saudi campaign - with modules for stealing signed-in accounts, messages, browser data, location history, recordings, and screenshots.
GHOSTKNIFE communicates with its C2 server using a custom binary protocol over HTTP encrypted with ECDH and AES, and supports downloading files from C2 and recording audio.
GHOSTSABER is a JavaScript backdoor deployed by PARS Defense (the Turkish commercial surveillance vendor) in the Turkey and Malaysia campaigns - its capabilities include device and account enumeration, file listing, data exfiltration, and execution of arbitrary JavaScript code.
GHOSTSABER notably provides persistent arbitrary code execution that survives beyond the initial exploitation event, unlike the other two variants.
On March 23, 2026, an account on GitHub (linked to Telegram handle @darknullbyte) published a newer version of the DarkSword exploit kit - HTML and JavaScript files comprising the exploit chain and data exfiltration implant.
GitHub removed the repository after it gained media attention, though the exact removal timeline has not been publicly confirmed. Mirrors proliferated across other platforms and the kit "can't be contained anymore" according to researchers. The leak source remains unknown.
Critically, all six DarkSword vulnerabilities had already been patched by Apple before both the March 18 public disclosure and the March 23 GitHub leak: iOS 18.6 patched CVE-2025-31277 (mid-2025), iOS 18.7.2 patched CVE-2025-43510 and CVE-2025-43520 (November 2025), iOS 18.7.3 patched CVE-2025-43529 and CVE-2025-14174 (December 2025), and iOS 26.3 patched CVE-2026-20700 (February 2026).
However, iVerify estimated 270 million iPhones remained on vulnerable iOS versions at time of disclosure - approximately 14.2% of the installed base running iOS 18.4 through 18.6.2.
THREAT ACTOR
GTIG attributed DarkSword deployment to three independent operators with distinct motivations and target sets.
UNC6748 conducted the Saudi Arabia campaign. The "UNC" prefix in Google's taxonomy denotes an "uncategorized" cluster.
Multiple sources describe UNC6748 as a financially motivated group targeting cryptocurrency wallets and mobile banking applications in Saudi Arabia, Turkey, and Malaysia. UNC6748 deployed GHOSTKNIFE via the snapshare[.]chat social engineering lure.
The financial targeting - specifically the exfiltration of data from 40+ cryptocurrency wallet and exchange apps including Coinbase, Binance, Kraken, and MetaMask - distinguishes this operation from the political surveillance model of NSO Group (Pegasus) or Intellexa (Predator).
PARS Defense is the only named commercial surveillance vendor publicly identified as deploying DarkSword.
GTIG observed PARS Defense - a Turkish CSV - using DarkSword in Turkey from late November 2025, and via a different customer in Malaysia from January 2026. PARS Defense deployed the GHOSTSABER backdoor and applied stronger operational security than other operators: obfuscation on the exploit loader, ECDH and AES encryption between server and victim, and version-specific exploit selection based on detected iOS version.
UNC6353, a suspected Russian espionage actor, conducted the Ukraine campaign. GTIG had tracked UNC6353 since summer 2025 as a cluster conducting watering hole attacks on Ukrainian websites using the Coruna exploit kit.
DarkSword was identified partly because it shared infrastructure with Coruna.
UNC6353 compromised legitimate Ukrainian websites - including novosti[.]dn[.]ua (a Donbas regional news outlet) and 7aac[.]gov[.]ua (the Seventh Administrative Court of Appeals in Vinnytsia) - to deliver DarkSword via malicious iframes loading from static.cdncounter[.]net.
UNC6353 deployed GHOSTBLADE, targeting both espionage data and cryptocurrency wallets. iVerify noted Russian-language comments were present in the exploit's early-stage code.
WHAT WAS EXPOSED
The DarkSword exploit chain - through its three implant variants - exfiltrated a comprehensive range of data from compromised iPhones. iVerify's analysis confirmed the following data types were targeted:
- SMS, iMessage, WhatsApp, Telegram, and Signal message databases - message content, timestamps, and metadata
- Email accounts configured on the device - the Mail envelope index
- Photographs and metadata - including photos stored on device
- GPS location history - consolidated location database and location client preferences
- Contacts and call logs - full address book and call history
- iCloud Keychain credentials and keybag files (persona, user session, system, device, backup)
- Wi-Fi passwords and network configurations
- Safari browsing history, bookmarks, cookies, and BrowserState database
- Cryptocurrency wallet and exchange data - targeting 40+ apps including Coinbase, Binance, Kraken, KuCoin, OKX, MEXC, Ledger, Trezor, MetaMask, Exodus, Uniswap, Phantom, and Gnosis Safe
- Health records, Notes, and Calendar data
- SIM and cellular information, installed application inventory, and device identifiers
- GHOSTKNIFE additionally supports: screenshot capture, audio recording, and downloading files from C2
The cryptocurrency targeting is a defining characteristic of DarkSword that distinguishes it from traditional commercial spyware. Pegasus, Predator, and other documented surveillance platforms focus on communications interception and location tracking.
DarkSword's explicit targeting of 40+ wallet and exchange applications suggests at least some operators are financially motivated rather than conducting political surveillance.
For individuals whose devices were compromised, iCloud Keychain credentials provide cascading access to every online account stored on the device. Wi-Fi passwords expose the networks the target uses.
The data is exfiltrated rapidly - DarkSword operates as a hit-and-run tool, not a persistent surveillance platform. Once exfiltration completes, the implant recursively deletes crash reports and temporary files to hinder forensic analysis.
TECHNICAL FAILURE CHAIN
1. JavaScriptCore Use-After-Free (CVE-2025-43529). A use-after-free vulnerability in WebKit's JavaScriptCore JIT compiler (specifically in StoreBarrierInsertionPhase) allowed arbitrary code execution in the Safari WebContent process.
For devices running iOS 18.4-18.5, the chain alternatively used CVE-2025-31277, a separate JIT type confusion bug in JavaScriptCore. The rce_loader.js script selected the appropriate exploit based on detected iOS version. Patched in iOS 18.7.3 (December 2025).
2. ANGLE Out-of-Bounds Write and Sandbox Escape (CVE-2025-14174).
After achieving code execution in the sandboxed WebContent process, the exploit pivoted to the GPU process via an out-of-bounds memory access vulnerability in ANGLE (Apple's GPU shader translation library, derived from Chromium's ANGLE).
The same vulnerability was independently patched in Chrome on December 10, 2025. Combined with CVE-2026-20700 (a dyld pointer authentication code bypass exploiting sensitive internal structures in writable stack memory), the exploit achieved code execution outside the Safari sandbox boundary.
Patched in iOS 18.7.3 (December 2025).
3. Kernel Privilege Escalation (CVE-2025-43510, CVE-2025-43520). A copy-on-write bug in AppleM2ScalerCSCDriver (CVE-2025-43510) was exploited to build arbitrary function call primitives in mediaplaybackd, a system service with elevated permissions.
A kernel-mode race condition in XNU's virtual filesystem implementation (CVE-2025-43520) was then exploited to build physical and virtual memory read/write primitives, achieving full kernel access. Patched in iOS 18.7.2 (November 2025).
4. PAC Bypass (CVE-2026-20700, zero-day). The dyld pointer authentication bypass defeated Apple's Pointer Authentication Codes (PAC), Trusted Page Reference Owner (TPRO), and SPRR protections. This was the last zero-day to be patched - in iOS 26.3 (February 2026).
Note: DarkSword deliberately avoids bypassing the Page Protection Layer (PPL) and Secure Page Table Monitor (SPTM) protections, and does not attack the Secure Enclave Processor.
5. No Mobile Threat Detection on Target Devices. The exploit chain was discovered through coordinated research: a Lookout researcher flagged a suspicious URL path (/rce_module.js) that led to the identification of DarkSword, while GTIG was independently tracking the threat.
iVerify's analysis of the exploit code and infrastructure followed. iVerify noted that all iVerify apps can detect live DarkSword infections, and offered iVerify Basic for free until May 2026 for anyone to check their phones.
6. Delayed Patch Cycle. Three of the six DarkSword vulnerabilities had patches available before the chain was used: CVE-2025-31277 was patched in iOS 18.6 (mid-2025), and CVE-2025-43510 and CVE-2025-43520 were patched in iOS 18.7.2 (November 2025).
Devices on iOS 18.4 - several versions behind - were exploitable using the full chain. Organizations that enforced timely iOS updates reduced their attack surface from six vulnerabilities to three zero-days.
7. No URL Filtering or Domain Reputation Enforcement. The snapshare[.]chat domain was registered in October 2025 - one month before the first observed attacks.
Certificate Transparency logs show its first Let's Encrypt certificate was issued October 2, 2025. Organizations with DNS-layer security filtering configured to block newly registered domains would have prevented the Saudi campaign delivery vector.
The Ukraine campaign used compromised legitimate websites, making DNS-layer blocking less effective for that vector.
8. GitHub Exploit Publication and Proliferation. The DarkSword exploit kit was published on GitHub on March 23, 2026 - five days after the coordinated public disclosure by GTIG, iVerify, and Lookout. The files are simple HTML and JavaScript.
GitHub removed the repository after media attention, but the kit had already spread to other platforms. Lockdown Mode is confirmed effective against DarkSword even on unpatched iOS versions.
INDICATORS OF COMPROMISE
CVE IDs:
- CVE-2026-20700 - Apple dyld PAC bypass, CVSS 7.8 (zero-day, patched iOS 26.3)
- CVE-2025-43529 - WebKit JSC use-after-free, CVSS 8.8 (zero-day, patched iOS 18.7.3)
- CVE-2025-14174 - ANGLE out-of-bounds write, CVSS 8.8 (zero-day, patched iOS 18.7.3)
- CVE-2025-31277 - JSC JIT type confusion (patched iOS 18.6)
- CVE-2025-43510 - XNU kernel AppleM2ScalerCSCDriver COW bug (patched iOS 18.7.2)
- CVE-2025-43520 - XNU kernel VFS race condition (patched iOS 18.7.2)
Malicious Domains:
- snapshare[.]chat - Snapchat-themed lure domain for Saudi campaign
- static.cdncounter[.]net - C2 domain shared between DarkSword and Coruna exploit kit
Malware Families:
- GHOSTKNIFE - JavaScript backdoor (UNC6748, Saudi campaign)
- GHOSTBLADE - JavaScript dataminer (UNC6353, Ukraine campaign)
- GHOSTSABER - JavaScript backdoor (PARS Defense, Turkey/Malaysia)
Threat Actor Designations:
- UNC6748 - Financially motivated, targeting Saudi Arabia/Turkey/Malaysia
- UNC6353 - Suspected Russian espionage, targeting Ukraine
- PARS Defense - Turkish commercial surveillance vendor
GitHub Leak:
- Leaked March 23, 2026
- Telegram contact: @darknullbyte
- Mirror: DarKDevz/DarKSward
Affected Versions:
- iOS 18.4 through 18.7 (estimated 270 million vulnerable devices)
REGULATORY EXPOSURE
- Saudi Arabia PDPL (Personal Data Protection Law) - Articles 10, 14, 19, 22. If a Saudi government entity was the operator behind UNC6748, it would be operating under national security exemptions. However, the PDPL applies to the processing of personal data of Saudi residents. The surveillance of private citizens, activists, and non-government targets implicates Articles 10 (lawfulness of processing), 14 (data security), and 22 (cross-border transfer restrictions if data was exfiltrated to foreign infrastructure). Fines up to SAR 5 million (~$1.3M) per violation. If the operator is a foreign government targeting Saudi nationals, Saudi Arabia's NCA Essential Cybersecurity Controls require government entities to detect and mitigate such compromises - failure to do so is a compliance gap.
- Saudi Arabia NCA Essential Cybersecurity Controls - The compromise of government officials' devices indicates gaps in mobile device security controls mandated by the NCA for government entities. The NCA framework requires threat detection on government-issued devices, secure communications infrastructure, and incident response capabilities for targeted attacks.
- GDPR (Regulation 2016/679) - Articles 5(1)(f), 32, 33, 34. If any EU residents were among the targets - or if the surveillance infrastructure transited EU member state networks - GDPR applies. Commercial surveillance vendors operating from or through EU jurisdictions face Article 32 obligations for security of processing. The Intellexa consortium was sanctioned partly under this framework. Fines up to EUR 20 million or 4% of annual global turnover.
- Turkey KVKK (Personal Data Protection Law No. 6698) - Articles 4, 5, 12. Turkey's data protection authority (KVKK) has jurisdiction over surveillance of Turkish citizens. Unauthorized interception of personal data violates Article 12's security obligations. Administrative fines up to TRY 9.9 million (~$300K). Turkey's Anti-Terror Law and National Intelligence Organization (MIT) law provide government exemptions - but only for lawfully authorized operations.
- Malaysia PDPA (Personal Data Protection Act 2010) - Section 9 (Security Principle). Surveillance of Malaysian targets violates the security principle requiring reasonable protection of personal data. Fines up to MYR 500,000 (~$107K) and/or imprisonment up to 3 years.
- Ukraine Law on Personal Data Protection (Law No. 2297-VI) - Articles 6, 24. Unauthorized collection of personal data of Ukrainian citizens - particularly during wartime - carries criminal penalties under Ukrainian law. The targeting of Ukrainian executives suggests economic espionage that may also implicate national security statutes.
- UAE PDPL (Federal Decree-Law No. 45/2021) - If UAE residents or UAE-based organizations were affected as secondary targets or through device roaming, the UAE PDPL applies. Fines up to AED 10 million (~$2.7M).
- US Executive Order on Commercial Spyware (March 2023) - Executive Order 14093 restricts US government use of commercial spyware that poses counterintelligence or security risks. If DarkSword was developed by or licensed from an entity subject to US jurisdiction or sanctions, additional restrictions apply. The Commerce Department's Entity List and Treasury's SDN list are the enforcement mechanisms.
- EU Regulation on Dual-Use Export Controls (Regulation 2021/821) - Commercial surveillance tools are classified as dual-use items. Export of exploit chains and spyware from EU-based vendors requires authorization. Unauthorized export is a criminal offense in EU member states.
- Apple iOS Ecosystem Liability - Apple faces no direct regulatory fine for zero-day exploitation. All six DarkSword vulnerabilities were patched before public disclosure (iOS 18.6 through iOS 26.3, between mid-2025 and February 2026). However, iVerify estimated 270 million devices remained on vulnerable iOS versions at time of disclosure - raising questions about Apple's ability to accelerate adoption of security updates on the installed base and its Lockdown Mode adoption rate among high-risk users.
INTELLIGENCE GAPS
The following gaps exist in the public record for this incident:
1. The total number of individuals compromised across four countries over the approximately five-month campaign has not been disclosed by GTIG, iVerify, or Lookout. iVerify estimated 270 million devices on vulnerable iOS versions globally, but the actual victim count is unknown.
2. The original developer of the DarkSword exploit chain has not been identified. GTIG noted the chain was "built by a separate developer and sold to multiple state-linked operators," but the developer entity is unnamed.
PARS Defense is the only named CSV deploying DarkSword, but may not be the developer.
3. UNC6748's identity and nationality remain unestablished. GTIG describes UNC6748 as financially motivated, but whether it is a state-adjacent group, a criminal organization, or a surveillance vendor customer has not been resolved.
The cryptocurrency wallet targeting suggests financial motivation, but the infrastructure overlap with commercial surveillance operations leaves room for dual-purpose operations.
4. The source of the GitHub exploit kit leak on March 23, 2026 has not been identified. The GitHub uploader listed Telegram contact @darknullbyte. Whether the leak was intentional sabotage, whistleblowing, or commercial redistribution is unknown.
5. Whether additional commercial surveillance vendors beyond PARS Defense deployed DarkSword has not been confirmed. GTIG noted "multiple commercial surveillance vendors" but only named one.
6. The relationship between the DarkSword developer and the Coruna exploit kit developer is unclear. Both chains share infrastructure (via UNC6353) but iVerify states DarkSword "is an entirely separate kit made by entirely separate people."
ZERO|TOLERANCE Advisory
Seconds to minutes. That is how long the DarkSword exploit chain needed from page load to full data exfiltration. JavaScriptCore memory corruption achieved code execution. ANGLE sandbox escape broke out of the renderer via the GPU process.
Kernel privilege escalation took ring-0 control. Then the implant harvested messages, credentials, cryptocurrency wallets, location, and browser data - and cleaned up after itself. No persistence. No implant left behind.
A smash-and-grab operation that completed before the target had any reason to suspect anything was wrong.
The control that discovered DarkSword was coordinated security research. Lookout flagged a suspicious URL, GTIG was independently tracking the infrastructure, and iVerify provided the deep technical analysis of the exploit chain.
DarkSword was discovered through collaboration between three firms - not through endpoint detection on a compromised device.
This matters because DarkSword's anti-forensics - recursive deletion of crash reports and temporary files - make after-the-fact detection on a compromised device far harder than network- or infrastructure-level identification.
For individuals in high-risk roles, Apple's Lockdown Mode is confirmed effective against DarkSword even on vulnerable iOS versions.
iVerify Basic was made available for free through May 2026 specifically so individuals can check whether their devices show artifacts of DarkSword compromise. Quarterly forensic scans using Amnesty International's MVT or iVerify remain standard practice for high-risk individuals.
Enforced iOS updates via MDM would have halved the attack surface.
Three of the six DarkSword vulnerabilities had patches available before the chain was first used in November 2025: CVE-2025-31277 was patched in iOS 18.6 (mid-2025), and two kernel vulnerabilities were patched in iOS 18.7.2 (November 2025).
Devices on 18.7.2 or later forced the attacker to rely on only three zero-days, a significantly harder chain to assemble and stabilize.
A 72-hour patching window enforced via MDM, with automatic corporate resource blocking for devices more than one version behind, would have closed this gap.
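To make the patch-exposure argument concrete, here is an added Python example (not tooling from GTIG, iVerify or Lookout) that maps each DarkSword CVE to the iOS release this advisory lists as its fix and reports what each device in an MDM inventory is still exposed to. The device inventory is constructed; the fix versions are the ones stated above.

```python
"""Patch-exposure check for the DarkSword chain.

Added example (not GTIG/iVerify/Lookout tooling). PATCHED_IN encodes the
fix releases stated in this advisory; the device inventory is constructed.
"""
from __future__ import annotations

# iOS release in which each DarkSword CVE was fixed, per the advisory.
PATCHED_IN: dict[str, tuple[int, int, int]] = {
    "CVE-2025-31277": (18, 6, 0),   # JSC JIT type confusion (18.4-18.5 path)
    "CVE-2025-43510": (18, 7, 2),   # AppleM2ScalerCSCDriver COW bug
    "CVE-2025-43520": (18, 7, 2),   # XNU VFS race condition
    "CVE-2025-43529": (18, 7, 3),   # JSC use-after-free (zero-day)
    "CVE-2025-14174": (18, 7, 3),   # ANGLE out-of-bounds write (zero-day)
    "CVE-2026-20700": (26, 3, 0),   # dyld PAC bypass (zero-day)
}

# The three bugs that had no patch when the chain was first used.
ZERO_DAYS = {"CVE-2025-43529", "CVE-2025-14174", "CVE-2026-20700"}


def parse_ios(version: str) -> tuple[int, int, int]:
    """Normalise '18.7.2' -> (18, 7, 2) and '26.3' -> (26, 3, 0)."""
    parts = [int(p) for p in version.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected iOS version string: {version!r}")
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def exposed_cves(version: str) -> list[str]:
    """CVEs whose fix release is newer than the installed version.

    Plain version comparison only; it does not model fixes back-ported to a
    parallel branch, so a hit on CVE-2026-20700 for an 18.7.x device means
    'verify against Apple's advisory', not a confirmed exposure.
    """
    installed = parse_ios(version)
    return sorted(cve for cve, fixed in PATCHED_IN.items() if installed < fixed)


def classify(version: str) -> str:
    """'patched', 'zero-days-only' (pre-chain patches applied) or 'n-day-exposed'."""
    exposed = set(exposed_cves(version))
    if not exposed:
        return "patched"
    if exposed <= ZERO_DAYS:
        return "zero-days-only"
    return "n-day-exposed"


def fleet_report(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group device ids by exposure class; input is {device_id: ios_version}."""
    report: dict[str, list[str]] = {"patched": [], "zero-days-only": [], "n-day-exposed": []}
    for device_id, version in sorted(inventory.items()):
        report[classify(version)].append(device_id)
    return report


# Constructed MDM export standing in for a real inventory.
SAMPLE_INVENTORY = {
    "iphone-ceo": "18.4",
    "iphone-cfo": "18.6.2",
    "iphone-ops": "18.7.2",
    "iphone-sec": "26.3",
}

if __name__ == "__main__":
    for device_id, version in SAMPLE_INVENTORY.items():
        print(f"{device_id:12} iOS {version:7} {classify(version):15} {exposed_cves(version)}")
    print(fleet_report(SAMPLE_INVENTORY))
```

Devices that report "zero-days-only" are the ones the advisory describes as forcing the attacker onto the harder three-bug chain; "n-day-exposed" devices were exploitable with bugs that already had fixes.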
The delivery vector should have been stopped at the DNS layer. The snapshare[.]chat domain was registered October 2025, one month before the first attacks - no established reputation, no historical traffic, no legitimate backlinks.
DNS-layer security services - Cisco Umbrella, Cloudflare Gateway, Zscaler Internet Access - configured to block newly registered domains under 30 days would have prevented the target's browser from ever resolving the domain. The chain fires on page load.
If the page never loads, the chain never fires. This is the simplest and lowest-cost control in the entire kill chain.
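As an added example of the DNS/URL-layer control described above (my code, not a vendor's), the following Python scans constructed proxy log lines for the indicators this advisory lists: the lure and C2 domains, the rce_loader.js and rce_module.js exploit paths, and any domain younger than 30 days. The FIRST_SEEN table is constructed and stands in for a WHOIS or Certificate Transparency feed; the log format is my own.

```python
"""Proxy-log scan for DarkSword delivery indicators.

Added example, not vendor code. Indicators come from this advisory; the
log lines and FIRST_SEEN table are constructed (in production the table
would be fed from WHOIS or Certificate Transparency lookups).
"""
from __future__ import annotations
from datetime import datetime, timezone
from urllib.parse import urlparse

# Indicators from the advisory, kept defanged and refanged on load.
IOC_DOMAINS = {"snapshare[.]chat", "static.cdncounter[.]net"}
EXPLOIT_PATHS = ("/rce_loader.js", "/rce_module.js")
NRD_MAX_AGE_DAYS = 30  # block-newly-registered-domains policy from the advisory


def refang(domain: str) -> str:
    return domain.replace("[.]", ".").lower()


IOC_SET = {refang(d) for d in IOC_DOMAINS}

# Constructed domain-age feed. The advisory notes the first Let's Encrypt
# certificate for snapshare[.]chat appeared on 2025-10-02.
FIRST_SEEN = {
    "snapshare.chat": datetime(2025, 10, 2, tzinfo=timezone.utc),
    "example.org": datetime(2010, 1, 1, tzinfo=timezone.utc),
}


def registrable(host: str) -> str:
    """Last two labels; a real deployment should use the Public Suffix List."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def matches_ioc(host: str) -> bool:
    """Exact match or subdomain of a listed indicator."""
    return any(host == ioc or host.endswith("." + ioc) for ioc in IOC_SET)


def domain_age_days(host: str, when: datetime) -> int | None:
    """Age of the registrable domain at request time, or None if unknown."""
    seen = FIRST_SEEN.get(registrable(host))
    return None if seen is None else (when - seen).days


def analyze_line(line: str) -> dict | None:
    """Parse 'TIMESTAMP CLIENT METHOD URL STATUS' and return a finding or None."""
    ts, client, _method, url, _status = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    reasons: list[str] = []
    if matches_ioc(host):
        reasons.append("ioc-domain")
    if parsed.path.endswith(EXPLOIT_PATHS):
        reasons.append("exploit-path")
    age = domain_age_days(host, when)
    if age is not None and age < NRD_MAX_AGE_DAYS:
        reasons.append(f"nrd:{age}d")
    return {"client": client, "host": host, "reasons": reasons} if reasons else None


def scan(lines: list[str]) -> list[dict]:
    return [f for f in map(analyze_line, lines) if f is not None]


# Constructed log lines: one lure visit inside the 30-day window, one fetch
# of the exploit module from the shared C2 host, one benign request.
SAMPLE_LOG = [
    "2025-10-28T09:14:22Z 10.0.0.12 GET https://snapshare.chat/share/v1 200",
    "2025-11-04T11:02:07Z 10.0.0.12 GET https://static.cdncounter.net/rce_module.js 200",
    "2025-11-04T11:05:00Z 10.0.0.15 GET https://example.org/index.html 200",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The newly-registered-domain check depends on the age feed knowing the domain; a host absent from the feed (as static.cdncounter.net is here) is not treated as new, which is why the explicit indicator and path rules remain necessary.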
The fundamental exposure that targeted spyware exploits is the convergence of sensitive communications and personal activity on a single device.
Government officials carried classified correspondence on the same iPhone that received personal SMS and WhatsApp messages - the exact channels DarkSword used for delivery.
If sensitive communications resided on a dedicated, hardened device with restricted application installation, enforced MDM profiles, disabled web browsing, and continuous integrity attestation, a compromised personal phone would yield personal data but not classified material, diplomatic correspondence, or intelligence briefings.
Device separation does not prevent compromise - it limits the blast radius to the device category that was targeted.
SOURCES
Google Cloud Blog (GTIG), iVerify, Lookout, The Hacker News, BleepingComputer, Help Net Security, SecurityWeek, Dark Reading, TechCrunch, CyberScoop, Apple Security Advisories, CISA KEV, Malwarebytes, WinBuzzer