The Industrialization of Mobile Exploitation Has Begun: What Enterprises Must Learn From DarkSword

iVerify analyzes two advanced iOS exploit kits—Coruna and DarkSword—demonstrating a shift toward scalable, modular mobile exploitation: Coruna provides persistent, multi-stage implants injected into trusted system processes for long-term surveillance, while DarkSword is a JavaScript-based, in-memory smash-and-grab exfiltration chain delivered via compromised websites. The report warns that these techniques evade traditional MDM and endpoint controls, can affect large populations of unpatched devices, and urges treating mobile as a Tier‑1 endpoint with device-level behavioral telemetry and forensic visibility.