SlowMist: DarkSword attack program leaked in the wild; older iOS users’ crypto wallets at risk

SlowMist’s Yu Xian stated that some in-the-wild attack samples have been obtained. It is currently confirmed that the attacks primarily target iPhones running older versions of iOS, Safari browsers, and users holding cryptocurrency wallets. He noted that malicious JavaScript exploit code may be embedded in fake websites—such as those impersonating adult live-streaming platforms, TRON energy stations, refund procedures, or vulnerability alerts. If users of older iPhone models open such websites using Safari and leave them open, while simultaneously unlocking their wallet apps in preparation for use, their plaintext private keys could be stolen.