TA446 Deploys Leaked DarkSword iOS Spyware
The threat group TA446 has been observed deploying a leaked version of the DarkSword iOS spyware toolkit in targeted campaigns. Originally developed for surveillance purposes, the tool enables data exfiltration, device monitoring, and remote control. Its leak has lowered the barrier to entry for cybercriminals, increasing the risk of broader misuse. The campaign appears highly targeted, focusing on specific individuals or organisations. Security experts warn that such leaks can rapidly expand the threat landscape, particularly for mobile devices traditionally perceived as more secure.
For years, iPhones have enjoyed a reputation as the “safer” option. TA446 seems keen to challenge that narrative.
The group has begun using a leaked version of the DarkSword spyware toolkit, originally designed for sophisticated surveillance operations. Now that it’s out in the wild, it’s no longer exclusive to well-funded actors.
DarkSword isn’t your average dodgy app. It can monitor activity, extract sensitive data, and even control compromised devices remotely. In short, it turns your phone into a very expensive spy.
Why This Matters
The real issue isn’t just the tool; it’s the leak. Once advanced spyware becomes publicly available, it often gets repurposed quickly. Think less “elite cyber operation” and more “script kiddie with ambition”.
While current attacks appear targeted, the potential for wider abuse is significant.
Practical Advice
• Keep devices updated
• Avoid installing untrusted profiles or apps
• Be cautious with links and attachments
• Use mobile threat detection where possible
Your iPhone may still be secure, but it’s no longer invincible.