BlockBeats News, May 15th, SlowMist Cosine Social Media announced that the high-risk iOS attack framework DarkSword has been publicly leaked on GitHub and other channels, and is being used for large-scale fund theft attacks against cryptocurrency wallet holders. This attack targets devices running iOS versions 18.4 to 18.7, exploits a Safari browser vulnerability through a malicious webpage to achieve remote code execution, and then steals users' sensitive data.

The attackers use lure webpages such as fake live adult content, Tron energy stations, refund processes, etc., to launch the attacks. Once iPhone users running older versions of iOS visit such webpages using the Safari browser (even if the page is not closed), when unlocking their wallet app later, plaintext private keys, mnemonic phrases, and other sensitive information may be stolen by malicious JavaScript code and transmitted back in real-time through channels like Telegram bots.