A sophisticated software exploit capable of infiltrating and extracting data from potentially hundreds of millions of Apple iPhones was recently embedded on dozens of websites in Ukraine, researchers revealed on Wednesday.

The finding marks the second time this month that spyware targeting iPhones and other Apple devices has been identified, according to Reuters.

Taken together, the two hacking tools underscore a thriving market for sophisticated malware capable of stealing data and cryptocurrency wallet details, researchers said.

Researchers from cyber firm Lookout, mobile security company iVerify, and Alphabet’s Google released coordinated analyses of the malware they named “Darksword.”

On March 3, Google and iVerify had disclosed another potent iPhone spyware called “Coruna,” which was later found hosted on the same servers as Darksword.

“There’s now a verified pipeline of recent exploits … that have ended up in the hands of potentially criminal entities with a financial focus,” said Justin Albrecht, principal researcher with Lookout.

Google reported that its researchers observed multiple commercial vendors, and suspected state-linked hackers—deploying Darksword in separate campaigns targeting individuals in Saudi Arabia, Turkey, Malaysia, and Ukraine.

The campaigns in Malaysia and Turkey were linked to the Turkish commercial surveillance company PARS Defense, Google said. PARS Defense did not respond to requests for comment.

iVerify and Lookout noted that the malware was delivered to iPhone users running iOS versions 18.4 through 18.6.2 who visited one of dozens of Ukrainian websites.

Apple released these versions between March and August 2025.