Government-Grade iPhone Spyware Now Reused by Criminal Hackers
New research from Google, iVerify and Lookout shows that powerful iPhone spyware tools once built for government customers have spread into the hands of cybercriminal groups, enabling drive‑by infections that can silently steal texts, photos, contacts, location data and app messages from everyday users. In the past month, researchers uncovered two separate exploit frameworks: Coruna, reportedly created by U.S. defense contractor L3Harris for an unnamed government client and now deployed by a Chinese cybercriminal group via fake Chinese‑language crypto and finance sites, and DarkSword, linked to a Russian‑based hacking group and used in watering‑hole attacks on Ukrainian news and government sites. Both toolkits can infect iPhones merely by visiting a booby‑trapped website, after which they exfiltrate data from iMessage, WhatsApp, Telegram and other apps, as well as device configurations and browser cookies; DarkSword’s developers left key JavaScript code unobscured, making it easy for lower‑skill criminals to copy. Apple says it has already patched the underlying iOS vulnerabilities in recent releases, pushed an emergency update last week to older devices, and is blocking known malicious domains in Safari, but security researchers warn that the commercialization and leakage of such exploits have created an abundant ecosystem of mobile spyware. The findings undercut Apple’s reputation for near‑invulnerable iPhone security and broaden the threat from targeted state surveillance of dissidents and officials to mass‑scale criminal spying that could hit journalists, executives and ordinary Americans who fail to keep their devices fully updated.
📌 Key Facts
- Google, iVerify and Lookout identified two new iPhone spyware campaigns in the last month exploiting previously rare, high‑value vulnerabilities.
- The Coruna toolkit, reportedly built by L3Harris for a U.S. government customer, is now used by a Chinese cybercriminal group via fake Chinese‑language crypto and financial platforms to infect visiting iPhones without clicks.
- The DarkSword toolkit, linked to a Russian‑based hacking group and used against Ukrainian sites, can exfiltrate messages, location, contacts, call logs and browser data, and its unobscured JavaScript code makes it easy for other criminals to reuse.
- Apple says it has already patched the exploited iOS flaws, issued an emergency update last week for older devices, and configured Safari to block the malicious domains identified in Google’s research.