Advanced Hacking Tools Target Apple iOS: Millions of iPhones at Risk

By: TechVerseNow Editorial | Published: Thu Mar 26 2026

TL;DR / Summary

# The "DarkSword" Leak: How State-Grade Hacking Tools Put Millions of iPhones at Risk

The "DarkSword" Leak: How State-Grade Hacking Tools Put Millions of iPhones at Risk

The digital fortress surrounding the iPhone has faced a significant breach—not through a direct hack of Apple’s servers, but through the leak of the very weapons used to bypass its defenses. The recent online surfacing of "DarkSword" and "Coruna," two highly sophisticated hacking tools developed by the surveillance firm Intellexa, has sent shockwaves through the cybersecurity community. While Apple continues to bolster its latest operating systems with advanced protections, this leak effectively democratizes state-level surveillance capabilities, leaving millions of users—particularly those on older hardware—vulnerable to targeted spyware attacks.

!A digital visualization of a jagged data blade bypassing an iPhone security layer.

The Heart of the Story: From Private Servers to Public Folders

The controversy centers on the commercial spyware industry, specifically the Intellexa Alliance, which produces the notorious "Predator" spyware. Recently, security researchers discovered that two of the firm's primary exploit delivery systems, known internally as DarkSword and Coruna, have leaked online. These tools are designed to exploit specific vulnerabilities in iOS to install spyware without the user’s knowledge, often through "zero-click" or "one-click" vectors.

What makes this leak particularly explosive is the context provided by Tal Dilian, the founder of Intellexa. In recent statements, Dilian has hinted at what many researchers long suspected: that the Greek government, under Prime Minister Kyriakos Mitsotakis, was a primary client. The tools were allegedly used to target dozens of high-profile individuals within Greece, including opposition leaders, military officials, and investigative journalists. This marks the most direct admission yet from within the spyware industry regarding the state-authorized targeting of political rivals.

While Apple’s iOS 17 and 18 have introduced "Lockdown Mode" and more robust memory protections to thwart such attacks, the leaked tools remain viable against a massive "tail" of older devices. Many users globally still operate iPhones that cannot support the latest security patches, or they simply haven't updated. For these millions of users, the availability of DarkSword online means that the barrier to entry for hacking their devices has dropped from millions of dollars to the cost of a simple download.

The synthesis of these reports paints a grim picture: a private company developed "cyber-weapons," sold them to a government for political surveillance, and eventually lost control of the source code. Cybersecurity experts warn that while the original exploits might eventually be patched, the logic and methods contained within the leaked code will serve as a roadmap for other malicious actors to build their own variants.

Analysis: The Democratization of Espionage

The leak of DarkSword and Coruna signals a turning point in the surveillance industry. Historically, "zero-day" exploits—vulnerabilities unknown to the software vendor—were the exclusive domain of well-funded intelligence agencies. However, the rise of the commercial spyware market has commoditized these weapons.

The immediate industry impact is twofold. First, it forces Apple into a reactive posture where they must audit their code against specific leaked methodologies rather than general threat models. Second, it highlights the "n-day" problem: the period where a vulnerability is known but millions of devices remain unpatched. This creates a permanent class of "vulnerable citizens" who cannot afford the latest hardware required for modern security features.

Looking ahead, we should expect increased regulatory pressure on firms like Intellexa. The connection to the Greek political scandal provides a tangible "smoking gun" for EU regulators who have been debating stricter controls on the export of dual-use surveillance technology. For the average user, the takeaway is clear: the gap between "secure" and "exposed" is narrowing, and the age of "security through obscurity" is officially over.


Tool NameOriginPrimary RiskTarget Demographic
DarkSwordIntellexa / CytroxZero-click exploit deliveryiOS (Legacy & Older builds)
CorunaIntellexa / CytroxMalware persistenceJournalists, Politicians, Activists

## Resources
  • TechCrunch: Apple’s iOS 26 Security Strides: An exploration of Apple's recent security updates and why they still fall short against leaked state-grade tools.
  • TechCrunch: DarkSword Leaked Online: A technical breakdown of the Coruna and DarkSword tools and their discovery by security researchers.
  • TechCrunch: Spyware Chief Hints at Greek Scandal: Details on Tal Dilian’s suggestions that the Greek government authorized illegal surveillance.

    • ***

    Quick Facts Box

  • Key Tools: DarkSword, Coruna (Intellexa Alliance).
  • Primary Platform: iOS (iPhone).
  • Major Scandal: Linked to the Greek government's "Predatorgate" surveillance of journalists and politicians.
  • Current Status: Exploit code is circulating online among security researchers and potentially malicious actors.

    • FAQ

    1. Is my iPhone at risk from DarkSword? If you are running the latest version of iOS (17.5+ or 18) and use a modern device, the risk is significantly lower. However, if you are on an older device (iPhone X or older) that no longer receives security updates, you are at higher risk.

    2. What is "Lockdown Mode"? It is an extreme security setting on iPhones designed to block complex web technologies that spyware tools like DarkSword often exploit.

    3. Who is Intellexa? Intellexa is a consortium of surveillance companies that sells hacking tools and spyware (like Predator) to government agencies worldwide.