Apple has made some progress with iOS 26 security, but the malware it downloaded still leaves millions exposed to spyware.

The prevailing opinion among iPhone security experts has been that finding vulnerabilities with the development of iOS was difficult, requiring a lot of time, resources, and teams of skilled researchers to break its security layers. This means that the iPhone spyware and The dangers of zero daywhich are not known to software vendors prior to their use, were rare and used for limited and critical issues, as Apple himself says.

But in the past month, cybersecurity researchers at Google, iVerify, and Lookout, have documented several large-scale fake accounts using tools, known as crown and DarkSwordwhich has been targeting victims around the world who are still not using Apple’s most advanced software. Some of these hackers include Russian spies and Chinese criminals, and they target their victims through hacked websites or fake websites, which allow them to steal phones from many victims.

Now, some of these tools leaked onlineallowing anyone to take the code and launch attacks easily against Apple users with older versions of iOS.

Apple has invested heavily in new security and development technologies, such as introducing secure passcodes to its latest iPhone models, and activate things like Lockdown Mode especially to deal with the problem of spyware. The goal has been to make modern iPhones more secure, reinforcing the claim that the iPhone is more difficult to hack.

But there are also old, outdated iPhones that are now easy to track by spyware and cybercriminals.

Now there are two security groups for iPhone users.

The latest iOS 26 users running on the latest iPhone 17 models released in 2025 a new security feature called Memory Integrity Enforcementwhich is designed to stop memory corruption, some of the most common errors used in spyware and cell phone unlocking. DarkSword relied heavily on cheats, according to Google.

So, there is iPhone users those still running the previous version of Apple’s mobile software, iOS 18, or older versions, which have been vulnerable to memory hacks and other incidents in the past.

The discovery of Coruna and DarkSword shows that memory attacks can continue to plague users of older iPhones and iPads who stay behind on newer, more secure memory models.

Experts who work at iVerify and Lookout, two cybersecurity companies that have a business unit selling security products for mobile devices, say Coruna and DarkSword could also challenge the long-held view that iPhones are rare.

iVerify co-founder Matthias Frielingsdorf told TechCrunch that mobile attacks are now “widespread,” but he added that attacks that rely on zero-day attacks against modern software “always cost a lot,” meaning they won’t be used for large-scale fraud.

Patrick Wardle, a security expert at Apple, said one problem is that people call attacks on rare or advanced iPhones because they are rarely documented. But the truth, he said, is that these threats may be out there but they are not always caught.

“Calling them ‘advanced’ is like calling them tanks or rockets,” Wardle told TechCrunch. “That’s true, but it misses the point. That’s an opportunity to start at that level, and all (most) countries have them (or can get them at the right price).

Another problem that Coruna and DarkSword highlighted is that there is a market that seems to be thriving, which creates an economic incentive “for developers and businesses to be paid twice for the same services,” according to Justin Albrecht, senior researcher at Lookout.

Especially when the initial damage is fixed, it makes sense for sellers to resell before anyone changes.

“This is not a one-time event, but it’s a sign of things to come,” Albrecht told TechCrunch.