Google warns DarkSword iOS exploit targets iOS 18.4–18.7 and uses GHOSTBLADE to steal crypto wallet data and user credentials
A newly disclosed iOS exploit chain has raised concerns among iPhone users and crypto holders.
Google reported that the DarkSword exploit has been active since late 2025 and targets devices running iOS 18.4 to 18.7.
The report links the exploit to data theft risks, including access to cryptocurrency wallets and sensitive user credentials.
DarkSword Exploit Targets Specific iOS Versions
Google stated that the DarkSword exploit chain affects devices that remain unpatched. It has been observed in active use since late 2025. The affected versions include iOS 18.4 through iOS 18.7.
Google disclosed that the DarkSword iOS exploit chain has been widely used since late 2025 to compromise iPhones (iOS 18.4–18.7). One payload, GHOSTBLADE, can extract cryptocurrency wallet data and credentials alongside other sensitive information. Google warned that unpatched… pic.twitter.com/9yu5j3VlR0
— Wu Blockchain (@WuBlockchain) March 20, 2026
The exploit chain uses multiple vulnerabilities to gain access to devices. Once inside, attackers can execute malicious code without user awareness.
This allows continued access to device data and system functions.
Google said, “Attackers have widely used the exploit chain against unpatched iOS devices.”
The company tracked activity through its security research teams.
Google shared the findings to alert users and developers.
GHOSTBLADE Payload Targets Crypto Wallet Data
One key component of the exploit chain is a payload named GHOSTBLADE. This tool extracts sensitive information from infected devices.
It includes cryptocurrency wallet data and stored credentials. The payload can access wallet files and private data stored on the device.
It may also collect login credentials and other personal details. This creates risks for users who store financial data on their phones.
Crypto wallets stored on mobile devices are a common target. Attackers aim to gain direct access to funds or recovery phrases. This can lead to asset loss if security measures are weak.
Related Reading: Bitrefill Cyberattack: Lazarus Group Suspected After Hack Exposes 18,500 Records
Google Urges Immediate Updates for Protection
Google has advised users to update their devices to the latest iOS version.
Security updates often patch known vulnerabilities used in such attacks. Users who delay updates may remain exposed.
The company stressed the importance of timely updates and device security.
It also encouraged users to review app permissions and avoid unknown downloads. These steps can reduce exposure to threats.
Apple has not issued a detailed public response within the same report. However, users are encouraged to rely on official updates for protection. Regular updates remain a key defense against evolving exploits.
The report places attention on mobile security and crypto safety. As more users rely on smartphones for financial activity, such threats continue to grow.
