SlowMist: The DarkSword attack program has been leaked in the wild, putting older iOS users' encrypted wallets at risk.
CoinFeed reported on May 15th that SlowMist's Yu Xian published an article on the X platform stating that the high-risk iOS attack framework DarkSword has been publicly leaked on GitHub and other channels, and is being used for large-scale data theft attacks targeting cryptocurrency wallet holders. The attack program targets devices running iOS versions 18.4 to 18.7, using malicious web pages to exploit vulnerabilities in the Safari browser and achieve remote code execution, thereby stealing sensitive user data. Attackers launch the attacks through decoy web pages posing as pornographic live streams, Tron energy stations, and refund processes. iPhone users running older iOS versions who access such web pages using the Safari browser (even without closing the page) may have their plaintext private keys and mnemonic phrases stolen by malicious JavaScript code when unlocking their wallet apps, with the stolen data then transmitted back in real time via channels such as Telegram bots.