DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover
"DarkSword aims to extract an extensive set of personal information, including credentials from the device and specifically targets a plethora of crypto wallet apps, hinting at a financially motivated threat actor. Notably, DarkSword appears to take a 'hit-and-run' approach by collecting and exfiltrating the targeted data from the device within seconds or at most minutes, followed by cleanup."
"Exploit chains such as Coruna and DarkSword are engineered to facilitate complete access to a victim's device with little to no interaction required on the part of the user. The findings once again show that there is a second-hand market for exploits that allows threat groups with limited resources and goals not necessarily aligned with cyber espionage to acquire top-of-the-line exploits."
"Multiple commercial surveillance vendors and suspected state-sponsored actors have utilized the full-chain exploit kit, codenamed DarkSword, in distinct campaigns targeting Saudi Arabia, Turkey, Malaysia, and Ukraine. The kit is designed to target iPhones running iOS versions between iOS 18.4 and 18.7."
DarkSword is a full-chain exploit kit discovered by Google Threat Intelligence Group, iVerify, and Lookout. It has been used by commercial surveillance vendors and state-sponsored actors in campaigns targeting Saudi Arabia, Turkey, Malaysia, and Ukraine. The kit is the second iOS exploit discovered within a month, following Coruna. Russian espionage group UNC6353 deployed DarkSword against Ukrainian users. The exploit extracts personal information and device credentials and specifically targets cryptocurrency wallet applications, suggesting financial motivation. DarkSword employs a rapid 'hit-and-run' approach, collecting and exfiltrating data within seconds to minutes before cleaning up traces. The discovery highlights a secondary market for exploits that enables threat groups with limited resources to acquire advanced tools for mobile device infections.
Read at The Hacker News