Google Threat Intelligence and security companies iVerify and Lookout have unearthed 'DarkSword', an advanced suite of hacking tools originating from Russia that targets iPhones running the iOS 18 operating system, according to a blog post from Google on Wednesday.
The tools were deployed in Ukraine by a group known as UNC6353 and have the capacity to steal personal data, as well as possibly steal cryptocurrency. The hacking tool suite was designed to infiltrate devices, steal personal information such as WhatsApp and Telegram text messages, photos and browser history, and then eliminate all traces of its presence.
It was not intended for long-term surveillance purposes, according to the blog. These hacking tools were similar to the exploit kit named 'Coruna', which has five full iOS (the software powering iPhones) exploit chains and 23 total exploits.
Evidence had surfaced that these hacking tools originate from a "leaked US government framework", according to iVerify, a fact-checking tool designed by the United Nations Development Program.
The most advanced variants have 'non-public exploitation techniques' and 'mitigation bypasses'. This means that they can hack into these Apple devices using methods not known to the wider general public and get past their built-in security features.
Google Threat Security urged users to update their iPhones to their latest operating systems, as these exploits are ineffective against Apple's newer devices and software. In cases where updating the phone to the latest OS was not possible, they recommended enabling 'Lockdown Mode' in order to have improved safeguards against potential threats.
Around five months later, a more sophisticated version appeared in what investigators called an espionage campaign linked to a suspected Russian intelligence group. The attackers embedded the code inside a standard visitor-counting feature on Ukrainian websites, similar to what had happened with 'DarkSword'.
"The use of both DarkSword and Coruna by a variety of actors demonstrates the ongoing risk of exploit proliferation across actors of varying geography and motivation," Google said in its blog post.
"Google remains committed to aiding in the mitigation of this problem, in part through our ongoing participation in the Pall Mall Process, designed to build consensus and progress toward limiting the harms from the spyware industry," it added.