Industry Context — Common BS Fingerprints in Security, Surveillance & Cybersecurity
Lookout
(https://lookout.com) 📸 Data Snapshot: May 31, 2026
Analyze the raw signals below. How would a machine score this business’s credibility?
Here are the exact signals captured from up to six pages of the site — the same raw inputs the evaluation engine analyzed. They are grouped by signal type so you can weigh each the way the machine does.
🏗️ Semantic Structure — heading hierarchy & page identity (Info Density · Commodity Fingerprint)
HOMEPAGE Lookout (https://lookout.com)
Lookout
NAV_HEADER_HEADING_REPEATED_BODY Introducing Lookout AI Visibility and Governance (https://lookout.com/blog/lookout-ai-visibility-governance/)
Introducing Lookout AI Visibility and Governance
NAV_HEADER_HEADING_REPEATED AI Visibility and Governance (https://lookout.com/platform/ai-visibility-governance/)
AI Visibility and Governance
HEADER_HEADING_REPEATED_BODY Attackers Wielding DarkSword Threaten iOS Users | Threat Intel (https://lookout.com/threat-intelligence/article/darksword/)
Attackers Wielding DarkSword Threaten iOS Users | Threat Intel
📝 The Narrative — clean text per page (Info Density · Semantic Coherence)
HOMEPAGE (https://lookout.com) Lookout
The Mobile AI Gap: Closing the 60% Enterprise Visibility Blind Spot → Join LIVE Virtual Panel & Research Deep Dive
An 'AI-first approach' to cybersecurity places artificial intelligence at the foundation of threat detection, analysis, and response—rather than layering it on as an afterthought.
This AI-driven strategy learns from vast data to spot patterns and anomalies missed by rule-based systems. It uses real-time insights into behavior, tone, and activity to flag threats, automate triage, and adapt—delivering faster, smarter, and more scalable defense in an ever-evolving threat landscape.
Mobile Endpoint Security
AI-first advantage mobile EDR that protects your most valuable assets — employee identities and corporate data.
Threat Intelligence
Empower your organization with cutting-edge mobile threat intelligence with preventive AI.

[H1] Data breaches now happen in minutes not months. Are you ready?
Today's attacks are too quick for legacy methods. Make sure you have intelligent defenses for every part of the modern kill chain.
Modern Kill Chain

[H2] Disrupt the Modern Kill Chain Before It Disrupts You.
From initial recon and social engineering to malicious data access, Lookout gives your SOC real-time visibility and response across the mobile threat surface.
Learn more
25%
Mobile devices phished in 2023
Lookout Mobile Phishing Report
Recon | Social Engineering | Initial Access | Data Theft | Extortion

[H2] Cloud breaches now happen in minutes not months. Are you ready?
Today's attacks are too quick for legacy methods. Make sure you have intelligent defenses for every part of the modern kill chain.
Mobile phishing: Steal your corporate credentials with ease
Account takeover: Access your cloud infrastructure silently
Data exfiltration: Hold your data hostage for extortion

[H3] It begins with a single text.
Targeting mobile is an attacker’s go-to for stealing credentials. Using AI, we detect and respond in real time, from isolated phishing attempts to orchestrated attacks.
Discover Phishing Protection
25%+
Mobile devices phished in 2023
— Lookout Mobile Phishing Report

[H3] One correct login and they're inside.
When attackers use valid logins, they easily mimic your users. We actively monitor user actions to quickly spot and stop any anomalous behavior.
Discover User Behavior Analytics
74%
Breaches involving the human element
— Verizon DBIR
[IMG: Account Takeover]

[H3] Legitimate access simplifies data theft.
With data sprawled across networks, clouds, and apps, the risk of exploitation rises. We keep track of everything, making sure that your data stays secure.
Discover Data Loss Prevention
$100 million
Cost of the MGM data breach
— Reuters

[H3] Lookout data-centric security solutions.
Mobile Endpoint Detection and Response (EDR)
Mobile Endpoint Security (MES)
Threat Intelligence
AI-Driven Security Platform
FedRAMP * | SOC2 | GDPR Compliant
* Mobile EDR only

[H3] Hands-on labs: Learn and Build Your Own Endpoint Security Solution
Register today

[H2] Trusted by the world’s leading organizations.
[IMG: Landis + Gyr] Case Study
[H3] Global Smart Meter Manufacturer Secures Move to Microsoft Intune With Lookout
Read case study
[IMG: Schneider Electric] Case Study
[H3] Schneider Electric Secures 90,000 Devices with Lookout
Read case study
[IMG: Henkel] Case Study
[H3] Henkel Extends Compliance to Mobile by Securing Android and iOS Devices Across Global Workforce
Read case study

[H2] Discover why industry leaders choose Lookout.
[IMG: Lantum Logo] [IMG: Schneider Electric Logo]
[IMG: Lantum Case Study] Lantum protects data and ensures compliance with Lookout
Read more
Visibility into all data activities, including who is accessing it and how it’s handled
Full insights into PCI and sensitive health data usage
Precise controls to protect data while enabling productivity
Enables robust auditing with data activities log
[IMG: Schneider Electric Case Study] Schneider Electric secures 90,000 modern devices with Lookout
Read more
Detection and response for over 90,000 managed and unmanaged iOS and Android devices
Rapid deployment across thousands of devices through Microsoft Intune
Integrates with existing SIEM, SSO, and EMM platforms to enhance security operations

[H2] Elevate your security posture with our free assessment
In just 60 seconds, our cybersecurity analyzer can identify security gaps within your organization, including data leakage, unauthorized sharing, malware, and more.
Evaluate My Security Now [IMG: Arrow Right]
Experience the Killchain

[H2] Featured resources.
[IMG: Inforgraphic] Infographic: Your Business Has a Shadow AI Problem. It’s On Mobile. Learn more
Blog: Introducing Lookout AI Visibility & Governance. Learn more
[IMG: Brief] Brief: Enabling Secure AI Adoption. Learn more
1 Keepnet: 250+ Phishing Statistics and Trends You Must Know in 2025
SUB-PAGE (https://lookout.com/blog/lookout-ai-visibility-governance/) Introducing Lookout AI Visibility and Governance
The rapid onslaught of artificial intelligence (AI) is fundamentally altering how work gets done—and how risk manifests across the enterprise. In response, organizations are scrambling to deploy comprehensive AI Agent Discovery capabilities, seeking to identify both sanctioned and unsanctioned AI usage across SaaS and cloud-hosted services. These initiatives aim to provide full visibility into where AI agents operate, detect their presence, uncover unauthorized access to enterprise resources, and enforce policy over what those agents are permitted to do.

However, despite this progress, a critical gap remains. With 93% of surveyed organizations reporting employee use of generative AI on mobile devices, mobile has become a primary surface for AI interaction—yet it remains largely invisible. Existing discovery approaches rely on network gateways to inspect traffic and identify AI activity through API signatures and protocol patterns. But when employees access AI tools like ChatGPT, Claude, and Gemini directly from mobile devices, that traffic often bypasses these controls entirely—leaving mobile environments as a persistent and largely unmonitored blind spot.

Today, this gap is closed with the introduction of Lookout AI Visibility & Governance. By extending AI Agent Discovery and governance into the mobile environment, Lookout provides the missing layer of visibility—enabling organizations to identify "Shadow AI" activity on mobile devices, detect unauthorized agent behavior, and enforce policy where traditional controls have no reach.

[H2] You Can’t Govern What You Can’t See
Without mobile visibility, organizations cannot fully understand how AI is being used, what data it accesses, or where that data flows—undermining their ability to meet global requirements such as ISO/IEC 42001, the EU AI Act, and the NIST AI Risk Management Framework. The result is a breakdown of core governance principles—traceability, risk assessment, and control enforcement—leaving enterprises exposed to regulatory non-compliance, data protection violations, and an inability to scale AI adoption confidently and in a controlled, secure manner.

Lookout addresses this challenge with continuous mobile AI visibility and runtime governance—empowering organizations to enforce control, reduce exposure, and demonstrate clear oversight to auditors, boards, and regulators.

[H2] The Agentic Evolution: From passive tools to autonomous actors
The mobile security challenge intensifies as we enter the era of Agentic AI. Unlike Generative AI, agentic systems are "autonomous actors" designed to plan, decide, and execute multi-step workflows independently. Agentic usage is growing rapidly, with Gartner estimating that by the end of 2026, more than 40% of enterprise applications will include task-specific AI agents. These systems can autonomously initiate communications, trigger financial transactions, and modify records without human oversight. With over 25,000 AI-enabled apps already in major app stores, employees can instantly deploy these autonomous capabilities at the mobile edge.

Agentic AI fundamentally reshapes the mobile risk equation. When AI agents are embedded deep within the mobile environment, they introduce an entirely new attack surface—one that operates with the user’s full digital authority, including corporate entitlements, authenticated sessions, MFA-validated identity, and OAuth tokens that connect to a wide range of SaaS applications. Because mobile devices consolidate identity, access, and data into a single, always-on interface, they become the ideal launch point for agents to act autonomously on a user’s behalf. The implication is significant: a single security gap on a mobile device can enable an agent to exfiltrate data, invoke privileged APIs, and manipulate business processes at machine speed—well beyond the visibility and control of legacy, desktop-centric security models.

[H2] Lookout: The Control Point for AI Risk in a Mobile World
Lookout AI Visibility & Governance serves as a strategic force multiplier across Lookout’s mobile security platform, extending protection beyond the device to the AI activity occurring on it. It prevents unintended data exposure by governing both autonomous AI agents and unapproved “Shadow AI” tools, creating a layered defense that secures not only users, but also the AI-driven interactions acting on their behalf.

Comprehensive AI Application Discovery & Shadow AI Visibility: Gain a complete, real-time inventory of every AI-enabled application—sanctioned and unsanctioned—interacting with corporate data across both corporate-owned and BYOD devices. Uncover hidden “Shadow AI” activity that bypasses traditional controls and transform invisible mobile risks into governed, manageable assets.
Agentic Behavior Monitoring: Continuously analyze AI-driven behavior and map permissions to ensure autonomous agents do not execute unauthorized workflows or access sensitive enterprise data.
Intelligent Data Guardrails & Policy Enforcement: Prevent sensitive data from reaching unsanctioned AI services with real-time controls that stop unauthorized access and exfiltration.
Automated Compliance Alignment: Generate audit-ready evidence aligned to ISO/IEC 42001, the EU AI Act, and the NIST AI Risk Management Framework (AI RMF), delivering the traceability required for effective AI risk management and regulatory compliance.

[H2] Bring Mobile AI Risk Into View—Before It’s Too Late
The takeaway is not that traditional AI discovery tools are ineffective—they continue to play an important role. But they were designed for a different environment, one where the enterprise perimeter is clearly defined and enforceable. Mobile operates outside those traditional corporate boundaries—beyond network perimeters, gateways, and most enterprise discovery tools—making a growing share of AI activity effectively invisible. As employees interact with AI agents and services directly from mobile apps, that usage often bypasses the telemetry and enforcement points that underpin AI governance strategies. The result is a material gap: organizations may believe they have comprehensive AI oversight, while a significant portion of real-world usage remains unseen.

AI usage on mobile is not an anomaly—it is the new normal across the enterprise. Yet most AI visibility and governance strategies remain anchored to a perimeter that no longer exists. As work shifts to mobile, so does AI activity—occurring outside traditional control points and beyond the reach of legacy discovery tools. The organizations that succeed will be those that recognize this shift, extend visibility into the mobile layer, and align their controls with how AI is actually being used—before unseen activity becomes unmanaged risk.
SUB-PAGE (https://lookout.com/platform/ai-visibility-governance/) AI Visibility and Governance
[H2] Shadow AI: The Hidden Risk in Every Pocket
The modern enterprise perimeter has shifted to mobile devices, making "Shadow AI"—unsanctioned AI use—a mobile-driven crisis. 93% of Generative AI use is on mobile. 75% of knowledge workers use AI at work, with 78% utilizing personal AI tools (BYOAI) for professional tasks, creating significant data security, privacy, and IP risks.

This lack of oversight leads to uncontrolled data flow, bypassing security. 77% of employees paste corporate data into GenAI, and 40% of uploaded files contain sensitive corporate information, including 22% with highly regulated data like PII. Consequently, 86% of CISOs are deeply concerned about employees entering sensitive data into GenAI.

Comprehensive AI Application Discovery
Identify and classify AI-enabled applications across both corporate-owned and BYOD devices, turning invisible risks into governed assets.
Agentic Behavior Monitoring
Beyond simple malware detection, use behavioral analysis and permission mapping to ensure that autonomous digital actors do not execute unsanctioned workflows or access sensitive data.
Real-Time Data Guardrails
Monitor and govern data flows between mobile devices and AI services, preventing unauthorized exfiltration before it occurs.
Automated Compliance Alignment
Directly align your mobile fleet with ISO/IEC 42001, the EU AI Act, NIST AI RMF, and other frameworks—providing the auditable traceability needed for meaningful AI risk assessments.
Policy Enforcement at Scale
Define granular policies to allow, monitor, warn, or block AI applications based on risk classification, data handling practices, and organizational requirements.
Threat Intelligence Integration
Backed by the industry's most extensive mobile threat telemetry and two decades of specialized research, detect AI-related threats earlier and achieve measurable reductions in business risk.

[H3] Complete Visibility
ISO/IEC 42001 & EU AI Act
Directly align your mobile fleet with ISO/IEC 42001, the EU AI Act, NIST AI RMF, and other frameworks by providing the visibility needed for meaningful AI risk assessments.

[H2] AI Security & Control Engine
[H3] Data Guardrails
Prevent unauthorized data exfiltration
Monitor and govern data flows between mobile devices and AI services, preventing unauthorized exfiltration before it occurs.
[H3] Granular Actions
Define granular policies to allow, monitor, warn, or block AI applications based on risk classification, data handling practices, and organizational requirements.
Allow | Monitor | Block

[H4] Visibility & Discovery Layer
[H3] Data Discovery
Identify active AI-enabled applications
Identify and classify AI-enabled applications across both corporate-owned and BYOD devices, turning invisible risks into governed assets.
[H3] Advanced Telemetry
Monitor DNS lookups & behavioral trends
Monitor DNS lookups deeply to measure utilization and scope behavioral trends in real-time.
1.78M DNS LOOKUPS | 278K ACTIVE DEVICES
[H3] Agentic Behavior
Prevent unsanctioned actor workflows
Beyond simple malware detection, use behavioral analysis and permission mapping to ensure autonomous digital actors do not execute unsanctioned workflows or access sensitive data.
[H3] iOS Devices
[H3] Android Devices
[H3] Native GenAI Apps
[H3] Mobile Web Browsers

Why Lookout
[H2] Why Lookout for AI Visibility?
Most AI Detection and Response (AIDR) solutions are retrofitted from desktop and cloud environments. Lookout is purpose-built for the distinct architectures of iOS and Android, leveraging over 15 years of mobile intelligence.

Feature | Lookout AI Visibility | Legacy SWG/CASB
Mobile-Native AIDR | Dedicated telemetry for iOS/Android | Often blind to mobile-only activity
Agentic Monitoring | Analyzes autonomous AI workflow behaviors | Limited to simple malware/URL filtering
Shadow AI Discovery | Identifies AI in encrypted mobile traffic | Bypassed by mobile encryption/apps
Social Engineering Integration | Layered defense for human & AI actors | Disconnected point solutions

[H3] Hands-on Labs: Experience AI Visibility and Governance in Action.
Register today

Use case
[H2] Protect Sensitive Data from Shadow AI Exposure
With AI tools readily available on every mobile device, employees increasingly use unsanctioned applications to streamline workflows—unknowingly exposing proprietary data, source code, and customer information. Lookout AI Visibility and Governance discovers all AI applications across your fleet, classifies them by risk and data handling practices, and enforces policies that prevent sensitive information from reaching unauthorized models. Maintain productivity while ensuring corporate data remains within governed boundaries.

Use case
[H2] Govern Agentic AI Across the Enterprise
As autonomous agents proliferate across business applications, the risk of unsanctioned actions escalates exponentially. An agent with access to corporate email, calendars, and SaaS platforms can execute financial transactions, modify records, and exfiltrate data without human intervention. Lookout monitors agentic behavior patterns, permissions, and API interactions on mobile devices—ensuring autonomous actors operate within defined guardrails and cannot leverage mobile endpoints to bypass enterprise controls.
ISO/IEC 42001 | EU AI Act | NIST AI RMF

Use case
[H2] Achieve AI Governance Compliance
Global frameworks including ISO/IEC 42001, the EU AI Act, and NIST AI RMF now require demonstrable controls over AI usage, risk assessment, and audit trails. Lookout AI Visibility and Governance provides the foundational telemetry and policy enforcement required to meet these standards across your mobile fleet. Generate comprehensive reports on AI application usage, data flows, and policy violations to satisfy auditors and regulators with confidence.

[H3] Featured resources.
[IMG: Inforgraphic] Infographic: Your Business Has a Shadow AI Problem. It’s On Mobile. Learn more
Blog: Introducing Lookout AI Visibility & Governance. Learn more
[IMG: Brief] Brief: Enabling Secure AI Adoption. Learn more

[H3] 60% of surveyed organizations cannot monitor AI activity on mobile devices, leaving the majority of mobile AI activity operating in the shadows
Source: Lookout survey
[IMG: Close]
SUB-PAGE (https://lookout.com/threat-intelligence/article/darksword/) Attackers Wielding DarkSword Threaten iOS Users | Threat Intel
In-Depth AnalysisiOSMarch 18, 2026 [H1] Attackers Wielding DarkSword Threaten iOS Users [IMG: Darksword] [H1] Introduction Mobile devices now sit at the convergence of access, identity, and sensitive corporate data—effectively relocating the enterprise perimeter into every employee’s pocket. Recently observed threats demonstrate that the mobile attack surface has fundamentally expanded, moving beyond app-based malware to include sophisticated, hit-and-run campaigns that can disrupt operations and trigger material financial damage faster than traditional attack vectors.In a tangible example of how attacks are evolving, Lookout Threat Labs has discovered DarkSword, a full iOS exploit chain and payload for iPhones running iOS versions between iOS 18.4 and 18.6.2. This threat was deployed by the same unknown, likely Russian, threat actor (dubbed UNC6353 by Google) who also deployed the Coruna exploit chain reported earlier this year, which was reported by Google and iVerify. As was the case for Coruna, this threat also targeted Ukrainian users. DarkSword aims to extract an extensive set of personal information including credentials from the device and specifically targets a plethora of crypto wallet apps, hinting at a financially motivated threat actor. Notably, DarkSword appears to take a “hit-and-run” approach by collecting and exfiltrating the targeted data from the device within seconds or at most minutes followed by cleanup.Exploit chains such as the one used in DarkSword enable threat actors to gain full access to a user’s device with little to no action needed from the user. These sophisticated, and thought to be extremely expensive, exploit kits are often assumed to be technology only available to state-backed actors and companies who build tools for law enforcement and intelligence agencies. 
The discoveries of DarkSword and previously Coruna prove that there is a second-hand market for such exploits that enables groups with more limited resources and motives other than highly targeted espionage to acquire top-of-the-line exploits and deploy them against mobile device users. With mobile devices holding access to anything from financial accounts to enterprise data, this discovery further underscores the need to protect them against the broadest spectrum of possible attack vectors.Lookout researchers collaborated with Google and iVerify on the investigation of this threat. Their findings are available here and here, respectively.Lookout customers are protected against this threat through our Safe Browsing feature as well as Device Compromise Detection. Devices running the most recent versions of iOS (≧18.7.3 for iOS 18 and ≧26.3 for iOS 26) are not susceptible to this threat or the vulnerabilities exploited by it. Out-of-date OS detection empowers admins to identify vulnerable devices in their fleet. Lastly, our Web History feed enables identification of devices that have been exposed to or compromised by this threat. [H1] Discovery Following the discovery of Coruna, Lookout researchers set out to analyze the malicious infrastructure associated with the Chinese and Russian threat actors who deployed the malware. While looking for additional domains tied to cdn.uacounter[.]com, the domain which Google identified as being tied to the probable Russian threat actor UNC6353, we observed a similar domain: cdncounter[.]net. The cdncounter[.]net domain is not only similar in naming to the uacounter[.]com domain, but it also shares nameservers, registrar, registration date and IP resolution overlap between certain subdomains. Upon observing the static.cdncounter[.]net domain in Validin, we noted JavaScript links between the domain and two compromised Ukrainian domains including a .gov.ua domain: novosti.dn[.]ua and 7aac.gov[.]ua. 
We also noted that the domain 7aac.gov[.]ua had previously hosted an iframe linked to cdn.uacounter[.]com, indicating that it had been used in watering hole attacks to deliver Coruna malware. Our researchers proceeded to analyze the compromised Ukrainian domains, and observed an active iframe linked to static.cdncounter[.]net in the HTML code of the websites, as well as javascript code to create the iframe.A malicious iframe discovered on the compromised Ukrainian government website 7aac.gov[.]ua.While it initially appeared that this may be another site distributing Coruna, upon closer inspection of the our researchers found that the iframe loads a javascript file called rce_loader.js, which is largely responsible for fingerprinting devices visiting the compromised site in order to determine whether to route the devices to the iOS exploit chain. However, the script was looking for iOS devices with OS versions 18.4 or 18.6.2, which are iOS versions that are not susceptible to the exploit chains used in Coruna. [IMG: An excerpt from rce_loader.js] An excerpt from rce_loader.js showing that devices with specific iOS versions are routed to different scripts for exploitation based on the version.Recognizing that this was a new threat, our researchers analyzed the code and began capturing all of the stages of the exploits. In addition, as part of a joint research effort between Lookout and iVerify, we shared the compromised domains and one of the malware stages with their research staff. We also coordinated with GTIG, who confirmed that they had first observed this new threat in late 2025. Together we have named this threat DarkSword, which appears in the code as the internal name likely given to the malware by the developer. [H1] Capabilities DarkSword is a complete exploit chain and infostealer written in JavaScript. It leverages multiple vulnerabilities to establish privileged code execution to access sensitive information and exfiltrate it off the device. 
The kill chain begins with Safari encountering the malicious iframe embedded in a web page. Once loaded, Darksword breaks out of the WebContent sandbox and then leverages WebGPU to inject into mediaplaybackd. From there it can craft Kernel read/write access, which it leverages to gain access to privileged processes and modify sandbox restrictions, gaining access to restricted parts of the filesystem.After successful privilege escalation, the post-exploitation main module, `pe_main.js`, serves as an orchestrator for an assortment of malicious modules. It begins by force loading the iOS’s JavaScriptCore framework along with custom payloads into several vital and privileged iOS services (configd, wifid, securityd, and UserEventAgent). Each payload gathers and stages sensitive information such as passwords, keys and other documents in accessible locations. Once complete, a final exfiltration payload is injected into Springboard where the staged data along with emails, cryptocurrency wallets, usernames, passwords, photos, and other files are lifted from the device is then sent to a C2 server. After all the data has been exfiltrated, the staged files are cleaned up and the process exits cleanly.This malware is highly sophisticated and appears to be a professionally designed platform enabling rapid development of modules through access to a high level programming language. This extra step shows a significant effort put into the development of this malware with thoughts about maintainability, long term development and extensibility. Some of the JavaScript files used in DarkSword contained references to older iOS versions (specifically 17.4.1 and 17.5.1) indicating that they had been carried over from an earlier version of the same kit. 
As was the case with Coruna, it appears likely that the threat actor gained access to an exploit and post-exploitation tool kit that was built by a third party.While the observed espionage functionality such as exfiltration of messages and iCloud content is expected as part of this kind of threat, it is notable that DarkSword also targets cryptocurrency wallets - a clearly financially motivated target. This dual-use approach is an important insight into the threat actor’s motives and indicates that they (or possibly a previous user of DarkSword who then passed it on to them) are operating with a motive of monetary gain. Cryptocurrency exchanges targeted by DarkSword include Coinbase, Binance, Kraken, Kucoin, Okx, Mexc etc. It also targets wallets such as Ledger, Trezor, Metamask, Exodus, Uniswap, Phantom, Gnosis Safe among others.As opposed to many other previously reported cases of sophisticated attacks on mobile devices, DarkSword is not designed for ongoing surveillance. Once it finishes collecting and exfiltrating the targeted data, it deletes the files it created on the filesystem of the device and exits. Its dwell time on the device is likely in the range of minutes, depending on the amount of data it discovers and exfiltrates. Unique device identifiersSMS / iMessageCall historyAddress bookWiFi configuration and passwordsSafari web history, cookiesLocation and location historyNotesCalendarHealth dataPhotosiCloud DriveCellular and SIM informationEmailsInstalled app listSaved passwordsTelegram message historyWhatsApp message history Data exfiltrated by DarkSword [H1] The UNC6353 Threat Actor Despite the fact that the threat actor UNC6353 has now been observed deploying multiple iOS exploit chains in watering hole attacks on compromised Ukrainian websites, little is known about this group. 
Our research has not revealed any infrastructure tied to the group beyond the two domains mentioned, cdncounter[.]net and uacounter[.]com, the C2 domain sqwas.shapelie[.]com and the compromised, legitimate websites. Nor have we observed any connections between UNC6353 and other threat actors. However, we can make some observations about the group based on our analysis of their activities.UNC6353 has access to a supply of high-quality iOS exploit chains, likely developed for tier-1 commercial surveillance vendors (CSVs). Some of the exploits appear to have been 0-day exploits when they were first deployed. This indicates that they are likely well funded and may have connections to exploit brokers such as Matrix LLC / Operation Zero.All observed attacks by the group have been targeted at visitors of compromised Ukrainian websites using a technique referred to as a watering hole attack. For observed DarkSword targeting, the novosti.dn[.]ua site is for the independent news agency News of Donbas which provides information on the frontline situation and social issues in the Donbas region of Ukraine. The 7aac.gov[.]ua site is an official website for the Seventh Administrative Court of Appeals, which reviews decisions from courts in several oblasts and is located in Vinnytsia. Lookout researchers have observed evidence of a potential infection of an employee at a food processing manufacturer in Ukraine on February 12th, 2026.It is unknown how the websites used in the attack were compromised, but we know that UNC6353 gained sufficient access to inject malicious iframes in the HTML code of the websites. The command and control (C2) server for the DarkSword sample we collected is sqwas.shapelie[.]com, which appears to be a subdomain created by the threat actor on the compromised Ukrainian domain shapelie[.]com. This means that they also had sufficient access to create subdomains, and may be using other compromised domains for C2. 
The C2 domain is hardcoded in DarkSword and exfiltrated data is sent to ports 8881/8882 which host a “DarkSword File Receiver” endpoint. The use of BaseHTTPServer together with the HTML content served by this endpoint indicates that server-side code may have been included in the sale of DarkSword for demonstration purposes, or was created by the threat actor themselves. There are indicators that this part of the DarkSword infrastructure was created with assistance from an LLM such as a folder emoji in the heading and a checkmark symbol.
HTML content of the DarkSword File Receiver endpoint previously located on sqwas.shapelie[.]com
Both Coruna and DarkSword have the capability to steal cryptocurrency as well as sensitive private data, which indicates that both tools can be used for espionage as well as financial theft. It is unknown whether the cryptocurrency theft functionality was introduced in Coruna prior to or after its use by the Chinese criminal group UNC6691 reported by Google. It is therefore unclear whether the purpose of UNC6353’s use of Coruna was to steal cryptocurrency. This may indicate that this threat actor is financially motivated, or alternatively it may indicate that this likely Russian, state-aligned activity has expanded into financial theft targeting mobile devices.
It appears that no attempts were made to obfuscate the exploit chain or the implant code to prevent analysis. This includes the presence of numerous comments and log messages in the JavaScript code. Analysis of patterns suggests that LLMs were used in the creation of at least some of the implant code. Based on this, it appears probable that UNC6353 lacks first-hand experience with mobile exploits and may have relied on AI support to add additional functionality to purchased tooling.
Alternatively, this code may have been added prior to the threat actor’s acquisition of the tooling.
There are some noteworthy overlaps between certain characteristics of this campaign and previous Russia-linked activity. In 2024, Google published research on a campaign conducted by APT29 using watering hole attacks on compromised Mongolian websites, in which n-day exploits for iOS and Android previously used by CSVs were leveraged using hidden iframes. Combining watering hole attacks and the use of compromised domains for C2 is a technique that has been observed for other Russian APTs. Also, Sandworm APT targeted cryptocurrencies in their Infamous Chisel tooling which targeted Ukrainian armed forces’ Android devices.
Given that both Coruna and DarkSword have capabilities for cryptocurrency theft and intelligence gathering, we must consider the possibility that UNC6353 is a Russia-backed privateer group or criminal proxy threat actor. Russian criminal proxies have targeted Ukraine extensively while simultaneously conducting financially focused attacks. Google’s research on Coruna also showed that the tooling was likely sold to Chinese cybercriminals, which would support the idea that such tooling could be sold to Russian cybercriminals as well. Notably, the US Department of the Treasury recently sanctioned entities associated with Matrix LLC / Operation Zero, the Russian exploit broker, and highlighted connections between the TrickBot cybercrime gang and the broker. The complete lack of obfuscation in DarkSword code, the lack of obfuscation in the HTML for the iframes and the fact that the DarkSword File Receiver is so simply designed and obviously named lead us to believe that UNC6353 may not have access to strong engineering resources or, alternatively, is not concerned with taking appropriate OPSEC measures.
Based on the above information, we assess tha
🛡️ Trust Signals — reviews, proof links, trust-theatre flag (Trust & Proof)
| Page | Reviews | Proof links |
|---|---|---|
| / (home) | 0 | 1 |
| /blog/lookout-ai-visibility-governance/ | 0 | 2 |
| /platform/ai-visibility-governance/ | 3 | 1 |
| /threat-intelligence/article/darksword/ | 5 | 1 |
🔗 Identity & Technical Layer — schema JSON-LD: identity chains, entity gaps (Identity & Authority)
Homepage schema
{
"@context": "https://schema.org",
"@type": "Organization",
"name": "Lookout",
"url": "https://www.lookout.com",
"description": "Lookout's AI-powered platform defends against phishing, social engineering, and account takeovers—providing visibility and control that traditional security tools miss.",
"logo": {
"@type": "ImageObject",
"url": "https://cdn.prod.website-files.com/64ad8cecda5417d65d91a876/64ad8cecda5417d65d91aa34_lookout-logo-white-r.svg"
},
"contactPoint": {
"@type": "ContactPoint",
"telephone": "(844) 371-5665",
"contactType": "customer service"
}
}
/blog/lookout-ai-visibility-governance/
{
"@context": "https://schema.org",
"@type": "BlogPosting",
"headline": "Introducing Lookout AI Visibility and Governance",
"description": "Lookout AI Visibility & Governance serves as a strategic force multiplier across Lookout’s mobile security platform, extending protection beyond the device to the AI activity occurring on it.",
"image": "https://cdn.prod.website-files.com/64ad8cecda5417d65d91a8b7/69f01d79f359858e97bdb84f_lookout-visibility-ai-announcement-nlog-en-1200x628.avif",
"datePublished": "2026-04-29",
"dateModified": "2026-04-29T06:39:43.246Z",
"author": {
"@type": "Person",
"name": "Lookout AI Visibility & Governance"
},
"publisher": {
"@type": "Organization",
"name": "Lookout",
"logo": {
"@type": "ImageObject",
"url": "https://cdn.prod.website-files.com/64ad8cecda5417d65d91a876/64ad8cecda5417d65d91aa34_lookout-logo-white-r.svg"
}
},
"url": "https://www.lookout.com/blog/lookout-ai-visibility-governance",
"inLanguage": "en"
}
/platform/ai-visibility-governance/
{
"@context": "https://schema.org",
"@type": "WebPage",
"name": "AI Visibility and Governance",
"description": "Discover, monitor, and govern AI application usage across your mobile fleet. Enforce policies, prevent data exfiltration, and achieve compliance with ISO 42001, EU AI Act, and NIST frameworks.",
"url": "/platform/ai-visibility-governance",
"inLanguage": "en",
"isPartOf": {
"@type": "WebSite",
"name": "Lookout",
"url": "/"
},
"about": {
"@type": "SoftwareApplication",
"name": "Lookout AI Visibility & Governance",
"applicationCategory": "SecurityApplication",
"description": "Mobile-native AI Detection and Response (AIDR) solution that discovers, monitors, and governs AI application usage across mobile fleets, preventing data exfiltration and ensuring compliance with global AI frameworks.",
"operatingSystem": "iOS, Android",
"offers": {
"@type": "Offer",
"availability": "https://schema.org/InStock"
},
"featureList": [
"Comprehensive AI Application Discovery",
"Agentic Behavior Monitoring",
"Real-Time Data Guardrails",
"Automated Compliance Alignment",
"Policy Enforcement at Scale",
"Threat Intelligence Integration"
],
"provider": {
"@type": "Organization",
"name": "Lookout",
"url": "/",
"logo": {
"@type": "ImageObject",
"url": "https://cdn.prod.website-files.com/64ad8cecda5417d65d91a876/64ad8cecda5417d65d91aa34_lookout-logo-white-r.svg"
}
}
},
"mainEntity": {
"@type": "FAQPage",
"mainEntity": [
{
"@type": "Question",
"name": "What is Shadow AI and why is it a risk?",
"acceptedAnswer": {
"@type": "Answer",
"text": "Shadow AI refers to unsanctioned AI applications used by employees on mobile devices, unknowingly exposing proprietary data, source code, and customer information. 60% of surveyed organizations cannot monitor AI activity on mobile devices, leaving the majority of mobile AI activity operating in the shadows."
}
},
{
"@type": "Question",
"name": "How does Lookout AI Visibility differ from legacy SWG/CASB solutions?",
"acceptedAnswer": {
"@type": "Answer",
"text": "Lookout is purpose-built for iOS and Android architectures with mobile-native AIDR, dedicated telemetry for mobile devices, agentic monitoring that analyzes autonomous AI workflow behaviors, shadow AI discovery that identifies AI in encrypted mobile traffic, and social engineering integration for layered defense. Legacy SWG/CASB solutions are often blind to mobile-only activity and bypassed by mobile encryption."
}
},
{
"@type": "Question",
"name": "What compliance frameworks does Lookout AI Visibility support?",
"acceptedAnswer": {
"@type": "Answer",
"text": "Lookout AI Visibility and Governance provides foundational telemetry and policy enforcement to meet ISO/IEC 42001, EU AI Act, and NIST AI RMF standards across mobile fleets, with comprehensive reporting on AI application usage, data flows, and policy violations."
}
}
]
},
"publisher": {
"@type": "Organization",
"name": "Lookout",
"logo": {
"@type": "ImageObject",
"url": "https://cdn.prod.website-files.com/64ad8cecda5417d65d91a876/64ad8cecda5417d65d91aa34_lookout-logo-white-r.svg"
}
}
}
/threat-intelligence/article/darksword/
{
"@context": "https://schema.org",
"@type": "BlogPosting",
"mainEntityOfPage": {
"@type": "WebPage",
"@id": "https://www.lookout.com/blog/darksword"
},
"headline": "Attackers Wielding DarkSword Threaten iOS Users",
"description": "",
"image": "https://cdn.prod.website-files.com/64ad8cecda5417d65d91a8b7/69baaaafb2e75fff4664c009_darksword_OG.png",
"author": {
"@type": "Organization",
"name": "Lookout",
"url": "http://www.lookout.com/author/lookout"
},
"publisher": {
"@type": "Organization",
"name": "Lookout",
"logo": {
"@type": "ImageObject",
"url": "https://assets-global.website-files.com/62eb750a0b22650515cc117c/635820c7098879dc45e26541_logo-16L.svg"
}
},
"datePublished": "Mar 18, 2026",
"dateModified": "Apr 01, 2026"
}
Your Diagnosis
Before revealing the machine’s verdict, predict the BS score for each signal. Higher = more BS (more fluff, less verifiable substance).
The heuristic lens — how the deterministic page-auditor reads each signal (no AI, pure pattern rules)
These are the structural rules a local, deterministic auditor applies — the same lens you can use to judge each signal. They describe what to look for, not this company’s result.
Classify each sentence as substantive or hollow. Grounding markers — numbers, currencies, dates, technical units, named entities — outweigh marketing adjectives. When fluff sits right next to hard evidence, the fluff is forgiven.
Pull the main entities out of the H1, then check whether they actually recur through the body. A page that announces one thing and then talks about another drifts. Headings with no real sentences underneath read as pseudo-substance.
Count trust words (review, testimonial, rating, verified) against real outbound proof links (Google, Trustpilot, Clutch, G2, Yelp). Lots of trust language with zero verification links is trust theatre. Unlinked logo galleries count against it.
Look at how much sentence length varies. Natural writing varies its rhythm; templated or mass-produced copy is statistically uniform. Very low variation reads as commodity content — unless unique named entities break the pattern.
Inspect the JSON-LD. Is there an Organization or Person schema, and does it carry sameAs links to real external profiles (LinkedIn, socials)? Missing schema or no identity declaration signals an anonymous entity.
Want to apply this lens yourself? The free BS Indicator Chrome extension runs these heuristic checks live on any page. Bear in mind it is a single-page, deterministic tool — it relies only on pattern rules for the page in front of it and does not perform the cross-page semantic correlation this audit uses, so its readout is a starting lens, not the full verdict.
Based on 275 businesses audited.
Lookout has 28.7 points less BS than the average for Security, Surveillance & Cybersecurity.
Security, Surveillance & Cybersecurity BS: Lookout (lookout.com)
Lookout is a rare example of a ‘Research-First’ security firm where marketing is a byproduct of forensic substance. The site operates with extreme technical transparency, using actual threat intelligence to justify its product existence. It is virtually devoid of traditional business bullshit.
Integrate Person schema for the named threat researchers to solidify their individual authority footprints. Add direct outbound links to the referenced Google and iVerify collaborative reports within the body text to increase the proof_links_count. Consolidate the duplicate H3 headers on the homepage to improve structural hygiene. Explicitly link the ‘5 reviews’ in schema to a visible, verified testimonial section to avoid ‘hidden review’ flags.
The content perfectly matches the Security, Surveillance & Cybersecurity category, specifically focusing on the niche of Mobile Endpoint Detection and Response (EDR) and AI governance. Every page reinforces this classification through technical forensics, compliance framework mapping, and mobile-native telemetry data.
“The low score of 7 is driven by the extreme specificity of the content. The site provides deep technical forensics (Pillar 1), maintains perfect cross-page alignment (Pillar 2), and identifies specific human experts (Pillar 5). The only minor points came from standard industry jargon use and a lack of verified external review links.”
This training module utilizes a snapshot of public data from Lookout, captured on May 31, 2026, to demonstrate how machine logic evaluates different types of business narratives.
Purpose: This data is presented under “Fair Use” / “Educational Exception” for the purpose of forensic semantic analysis, allowing users to compare human intuition against machine-generated evaluations.
Notice to Lookout: This analysis is part of a non-adversarial audit conducted by 1 Euro SEO. The results provided by 1EuroSEO are intended as professional feedback to help improve any website’s machine-readability and authority signals. The 1EuroSEO BS Detection Tool is a free tool, and anyone can test any company to see how their content is interpreted by AI models.
Any company can use the insights for free and improve its voice by comparing it to industry clichés or competitors. When a company has updated its content, it can always submit a new audit request, which will be reflected in a new current score.
To all users: You are encouraged to visit the live site at https://lookout.com to view the most current version of its content and learn from the source what this company is about and what it offers.