Skip to main content
ClusterWire.newsAI That Reads the Crypto World for You
Featured AnalysisPrimary topicExchanges

DarkSword exploit chain compromises unpatched iPhones, installs crypto-targeting malware; update to iOS 26.3

Security researchers say the DarkSword iOS exploit chain has been used to compromise unpatched iPhones and deliver malware that targets crypto exchange and wallet apps [1][3].

Mar 20, 20262:03 PMNewsroom AI

Google and mobile security researchers have identified an iOS exploit chain called DarkSword that has been actively used since late 2025 to compromise unpatched iPhones running older iOS 18 releases, prompting Apple to patch multiple linked vulnerabilities across separate updates [1] [2].

Reported malware payloads associated with the chain—including spyware tracked as Ghostblade—specifically hunt for exchange and wallet applications (reports name targets such as Coinbase, Binance, Kraken, Ledger and MetaMask), exfiltrate sensitive and cryptocurrency-related data, and can be delivered via malicious websites without user interaction; some payloads reportedly erase themselves after extracting data [3] [1] [4].

Researchers and vendors recommend updating to the patched iOS release (reported as iOS 26.3 in coverage) and using mitigations such as Lockdown Mode to reduce exposure, particularly for users who access exchanges or wallets on mobile devices [3] [1].

Was this useful?

Anonymous signal used only for weekly cluster rankings. No public counters.

Share

Broadcast this coverage

Copy-ready links for the networks your audience checks first.

Share on XPost this briefing to your X followers.Share on FacebookLet your network catch up on the latest intel.Share on BlueSkyStart a conversation on BlueSky.

Support independent reporting

If this summary helped, a small tip helps keep ClusterWire running.

Privacy note: we log tip UI events (page + action, and article slug when applicable) to improve the feature. We don’t store IP address, user-agent, or wallet addresses in analytics. Tips are on-chain, so the sending address is public in the transaction.

Source Ledger

Citations

Follow the primary reporting behind this analysis. Click a citation to open the referenced source in a new tab.

  1. 1
    Apple iOS Malware Targets Crypto Apps on Unpatched iPhones: Google
    DecryptMar 20, 2026
  2. 2
    DarkSword iOS Exploit Chain Widely Used Since Late 2025, Google Says
    defiliban.comMar 20, 2026
  3. 3
    DarkSword Malware Strikes iOS: Crypto Wallets Under Attack
    BlockonomiMar 20, 2026
  4. 4
    iOS Zero-Day Chain DarkSword Actively Exploiting Cryptocurrency Users
    MoneyCheckMar 20, 2026

Themes

Themes driving this story

Curated from the cluster of sources powering this article.

Exchanges/CustodyThemeSecurity/HacksThemeEthereumThemeDeFiThemeRegulation/PolicyTheme
Live Wire

Latest Coverage

Real-time crypto intelligence ordered by publication time.

4h ago

Bithumb seeks court seizures to recoup 7 BTC after promotion error that credited users with bitcoin

Bithumb has launched legal action and sought provisional seizures to recover 7 BTC remaining after a February promotion mistake that mistakenly credited users in bitcoin instead…

Read more
6h ago

Iran Demands Bitcoin Toll for Strait of Hormuz Oil Transit; Analysts Estimate Hundreds of BTC Daily

Iran has told ships transiting the Strait of Hormuz to pay transit fees in Bitcoin, according to media reports. Tehran reportedly plans a $1-per-barrel cryptocurrency toll durin…

Read more
12h ago

Canary Capital submits SEC S-1 to register spot PEPE ETF amid expanding memecoin ETF push

Canary Capital has filed an S‑1 with the U.S. SEC for a spot PEPE exchange‑traded fund, joining a recent wave of memecoin ETF applications [1][2][4].

Read more
15h ago

Meta rolls out Muse Spark, its first public Superintelligence Labs model for multimodal, browser-based AI

Meta unveiled Muse Spark as the first public model from its Superintelligence Labs, positioning it as a step toward “personal superintelligence” that can run in users’ browsers …

Read more
17h ago

Ceasefire Reprices Risk - Bitcoin Near $72K Amid Binance Buying and Futures Instability; XRP Leads Flows

Markets are repricing risk after a ceasefire agreement; Bitcoin sits just under $72,000 while oil, gold and institutional flows shift positioning [1][3].

Read more
18h ago

NYT investigation spotlights Adam Back as potential Satoshi; Back denies claim, identity remains unresolved

A New York Times investigation revisits early cypherpunk records and writing patterns, singling out Adam Back as a leading candidate for Satoshi Nakamoto; Back has denied the cl…

Read more