<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0"><channel><title><![CDATA[KWL Security Newsletter]]></title><description><![CDATA[YouTube channel and newsletter dedicated to fighting scammers and informing the public about online safety!]]></description><link>https://kwlsecurity.com</link><image><url>https://substackcdn.com/image/fetch/$s_!21L4!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F90f0c416-7514-426a-b131-e8db800118c1_1024x1024.png</url><title>KWL Security Newsletter</title><link>https://kwlsecurity.com</link></image><generator>Substack</generator><lastBuildDate>Tue, 14 Apr 2026 07:13:44 GMT</lastBuildDate><atom:link href="https://kwlsecurity.com/feed" rel="self" type="application/rss+xml"/><copyright><![CDATA[KWL Security Newsletter]]></copyright><language><![CDATA[en]]></language><webMaster><![CDATA[kwlsecurity@substack.com]]></webMaster><itunes:owner><itunes:email><![CDATA[kwlsecurity@substack.com]]></itunes:email><itunes:name><![CDATA[KWL Security Newsletter]]></itunes:name></itunes:owner><itunes:author><![CDATA[KWL Security Newsletter]]></itunes:author><googleplay:owner><![CDATA[kwlsecurity@substack.com]]></googleplay:owner><googleplay:email><![CDATA[kwlsecurity@substack.com]]></googleplay:email><googleplay:author><![CDATA[KWL Security Newsletter]]></googleplay:author><itunes:block><![CDATA[Yes]]></itunes:block><item><title><![CDATA[Fake Chrome Extension May Be Spying on You!]]></title><link>https://kwlsecurity.com/p/fake-chrome-extension-may-be-spying</link><guid isPermaLink="false">https://kwlsecurity.com/p/fake-chrome-extension-may-be-spying</guid><dc:creator><![CDATA[KWL Security 
Newsletter]]></dc:creator><pubDate>Tue, 31 Mar 2026 20:51:17 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!jad-!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd7c0b447-34f9-4c51-9e00-928c7587f63b_768x480.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<figure><img src="https://substackcdn.com/image/fetch/$s_!jad-!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd7c0b447-34f9-4c51-9e00-928c7587f63b_768x480.png" width="768" height="480" alt=""></figure><h2>GlassWorm: The Multi-Stage Supply Chain RAT Hiding in Plain Sight</h2><p>Imagine running npm install on a trusted package and, within hours, every credential on the machine is gone. Browser sessions hijacked. Crypto wallets drained. A persistent backdoor phoning home through the Solana blockchain. That is exactly what GlassWorm does, and it is active right now.</p><p>This is not a theoretical exercise. GlassWorm is a multi-stage attack framework targeting software developers through poisoned packages on npm, PyPI, GitHub, and the OpenVSX marketplace.
It moves from initial compromise to full system takeover across three distinct stages, each more dangerous than the last.</p><h2>How GlassWorm Gets In</h2><p>The initial infection vector is the software supply chain itself. The threat actor operates on two parallel tracks: publishing entirely new malicious packages and compromising the accounts of legitimate maintainers to push trojanized updates to trusted projects. This dual approach has been tracked across hundreds of compromised GitHub repositories and popular React packages on npm.</p><p>Two loader variants have been observed. The first uses invisible Unicode characters to hide malicious code, a technique that defeats visual code review entirely. The second takes a more conventional route via an obfuscated preinstall script. Both variants converge on the same execution logic once they reach the victim machine.</p><h2>Anti-Analysis and Geofencing</h2><p>Before doing anything else, the loader checks whether the victim is located in Russia. It examines five locale signals, including the system username, LANG environment variable, and Intl locale settings, against a Russian locale pattern. It also checks the system timezone and UTC offset against a hardcoded list spanning Europe/Moscow through Asia/Anadyr.
If a Russian locale is detected, execution halts. This CIS-region exclusion is a common pattern in financially motivated malware operations and offers a strong clue about the operator&#8217;s geography.</p><p>A rate-limiting mechanism also prevents repeated execution. The loader checks a timestamp file at ~/init.json (or %USERPROFILE%\init.json on Windows). If the file was written less than two hours ago, the loader goes dormant.</p><h2>The Blockchain Dead Drop</h2><p>Here is where GlassWorm gets genuinely clever. Rather than hardcoding a command-and-control URL that defenders can block or take down, the loader queries the Solana blockchain for its Stage 2 address. The operator stores the C2 URL in the memo field of a Solana transaction, which is permanent, publicly visible on-chain, and hosted on infrastructure that no single party can shut down.</p><p>The loader cycles through nine public Solana RPC endpoints until one responds, then polls in a 10-second loop until it finds a transaction with a non-null memo. The memo contains a Base64-encoded URL pointing to the Stage 2 payload server. The operator can rotate this URL at any time simply by sending a new Solana transaction. No package update is required. No infrastructure needs to be redeployed.</p><p>Two Solana wallet addresses have been observed across the loader variants, confirming that the Unicode loader and the obfuscated preinstall loader are part of the same operation.</p><h2>Stage 2: Credential Harvesting at Scale</h2><p>Once Stage 2 lands, the payload becomes an aggressive data-theft framework. It targets 71 browser extension wallet IDs covering MetaMask, Phantom, Coinbase, Exodus, Binance, Ronin, Keplr, and others. It also sweeps standalone wallet application directories and collects .txt files and images from Documents and Desktop folders whose filenames suggest seed phrases or crypto holdings.</p><p>Developer credentials receive equally thorough treatment. 
The payload reads .npmrc files and NPM_TOKEN environment variables, validates stolen npm tokens in real time against the npm registry, and extracts tokens via the git credential command and VS Code internal storage. Cloud provider credentials for AWS, GCP, Azure, Docker, Kubernetes, SSH keys, Heroku, DigitalOcean, and Terraform are also copied.</p><p>Everything is staged under %TEMP%\hJxPxpHP, zipped, and exfiltrated via a POST request to 217.69.3[.]152/wall.</p><h2>Stage 3: The Persistent RAT</h2><p>Stage 3 downloads two components. The first is a .NET phishing binary that targets users with physical Ledger or Trezor hardware wallets. It monitors for USB device connections via a WMI event subscription. When a hardware wallet is plugged in, the binary launches a convincing phishing window that requests the 24-word recovery phrase. A background loop kills any real Ledger Live processes at one-second intervals and prevents the victim from closing the phishing window without entering credentials. Stolen seed phrases are transmitted to 45.150.34[.]158.</p><p>The second component is a WebSocket-based RAT saved as %APPDATA%\QtCvyfVWKH\index.js. Persistence is achieved through both a scheduled task (UpdateApp, running with highest privileges) and a Run registry key that executes a PowerShell launcher. The RAT hooks SIGINT, SIGTERM, SIGQUIT, and several other signals. If the process is killed, it schedules a re-download and restart of the payload.</p><h2>DHT-Based C2 and Fallback Chains</h2><p>The RAT resolves its primary C2 through a distributed hash table lookup for a pinned public key, bootstrapping through dht.libtorrent.org, router.bittorrent.com, and router.utorrent.com. If the DHT lookup fails, it falls back to the Solana memo dead-drop to fetch a new IP address. This layered resilience makes traditional network-based blocking extremely difficult. 
Defenders cannot simply sinkhole a domain or block a single IP.</p><p>The recovered infrastructure includes 217.69.0[.]159:10000 as the DHT bootstrap node, 45.32.150[.]251 as the WebSocket C2, and 217.69.3[.]152:80 as the exfiltration server.</p><figure><img src="https://substackcdn.com/image/fetch/$s_!SUpi!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa01c0c2e-86ba-434c-a8bd-6746cc930ab1_768x734.png" width="768" height="734" alt="" loading="lazy"></figure><h2>The Fake Chrome Extension</h2><p>Deep in Stage 3, the RAT force-installs a Chrome extension masquerading as &#8220;Google Docs Offline&#8221; (version 1.95.1). This extension resolves its own C2 from a separate Solana wallet, registers as an agent via a POST request, and begins polling for commands at randomized intervals between 5 and 30 seconds.</p><p>The extension&#8217;s capabilities are extensive.
It can capture the full DOM tree of the active tab, dump all cookies (optionally filtered by domain), extract localStorage key-value pairs, take screenshots, read clipboard contents, pull up to 5,000 browser history entries, export the full bookmark tree, fingerprint the browser and hardware, and run a keylogger that hooks keydown, keyup, keypress, input, change, focus, and blur events across all pages.</p><p>It also performs targeted session surveillance. The extension ships with Bybit pre-configured as a monitored target, watching for authentication cookies and firing webhooks when they are detected.</p><h2>Why This Matters Beyond Crypto</h2><p>The current targeting skews heavily toward developers with cryptocurrency assets, but that framing undersells the threat. The stolen npm tokens, git credentials, cloud provider secrets, and VS Code data create the foundation for broader supply chain attacks that can reach far beyond the original victim. A compromised npm token, for example, can be used to push malicious code to packages consumed by thousands of downstream applications.</p><p>The SOCKS proxy capability in the RAT compounds this risk. It turns the victim machine into a proxy node, allowing the threat actor to route other attacks through the victim&#8217;s IP address.</p><h2>Detection Priorities</h2><p>Defenders should focus on several indicators. Check for the existence of %APPDATA%\QtCvyfVWKH\index.js and the PowerShell launcher at %LOCALAPPDATA%\QtCvyfVWKH\AghzgY.ps1. Look for the scheduled task named UpdateApp and the Run registry keys UpdateApp and UpdateLedger under HKCU\Software\Microsoft\Windows\CurrentVersion\Run.</p><p>On macOS, the malicious Chrome extension installs to /Library/Application Support/Google/Chrome/myextension/. On Windows, look for the extension directory named &#8220;jucku&#8221; under the Chrome local data path.</p><p>Audit browser extensions regularly. 
A duplicate &#8220;Google Docs Offline&#8221; entry, especially at version 1.95.1, is a strong signal. Monitor for outbound connections to the four IP addresses published in the IOCs. Pin package versions. Treat sudden maintainer changes or large code rewrites in minor releases as review triggers.</p><p>GlassWorm is a reminder that the software supply chain is now a primary attack surface. The combination of blockchain-based C2, DHT resilience, and layered persistence makes this threat significantly harder to disrupt than a conventional RAT. The developers it targets today are the entry point to the companies and users it compromises tomorrow.</p><h2>Sources</h2><ol><li><p>Malwarebytes, &#8220;GlassWorm attack installs fake browser extension for surveillance,&#8221; <a href="https://www.malwarebytes.com/blog/news/2026/03/glassworm-attack-installs-fake-browser-extension-for-surveillance">https://www.malwarebytes.com/blog/news/2026/03/glassworm-attack-installs-fake-browser-extension-for-surveillance</a></p></li><li><p>Aikido Security, &#8220;GlassWorm Hides a RAT Inside a Malicious Chrome Extension,&#8221; March 18, 2026.
<a href="https://www.aikido.dev/blog/glassworm-chrome-extension-rat">https://www.aikido.dev/blog/glassworm-chrome-extension-rat</a></p></li></ol>]]></content:encoded></item><item><title><![CDATA[Every Phishing Method Attackers Use Right Now, From Classic Email Traps to AI Deepfakes]]></title><link>https://kwlsecurity.com/p/every-phishing-method-attackers-use</link><guid isPermaLink="false">https://kwlsecurity.com/p/every-phishing-method-attackers-use</guid><dc:creator><![CDATA[KWL Security Newsletter]]></dc:creator><pubDate>Thu, 26 Mar 2026 17:35:21 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!_Vol!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F70102f90-a2bf-4ba0-8ac6-c2bd2d2738f5_2752x1536.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>What if the next wire transfer your finance team approves is authorized by a voice that sounds exactly like your CFO, on a video call where every face looks real, but none of them are human? That scenario already happened. In early 2024, a multinational firm lost $25 million after an employee was deceived by a fully AI-generated video call impersonating the company's CFO and entire leadership team. The employee was invited to a conference call with other senior staff members, and everyone on the call was a deepfake. Scammers had scraped publicly available data from social media platforms like LinkedIn and fed it into AI to create matching video and audio.</p><p><em>This is not a thought experiment. It is the current state of phishing in 2026.</em></p><p>Over 90% of cyberattacks begin with phishing, making it the leading method threat actors use to breach networks and steal data. Understanding where this threat started and where it is going is no longer optional security hygiene.
It is table stakes for anyone defending a network.</p><h2>The Classic Playbook: How Traditional Phishing Works</h2><figure><img src="https://substackcdn.com/image/fetch/$s_!_Vol!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F70102f90-a2bf-4ba0-8ac6-c2bd2d2738f5_2752x1536.png" width="1456" height="813" alt=""></figure><p>The original phishing attack is simple by design. An attacker sends a mass email impersonating a trusted brand such as a bank, a shipping carrier, or an HR department, and waits for someone to click a link or open an attachment. The goal is credential theft, malware delivery, or direct financial fraud.</p><p>Microsoft remains the most imitated brand, with 43.1% of phishing attempts targeting it, according to the Zscaler ThreatLabz 2024 Phishing Report. That number makes sense. A stolen Microsoft 365 login is a skeleton key to email, SharePoint, Teams, and often the identity layer of an entire organization.</p><p>The click window is alarmingly short. The median time for users to click on a phishing simulation link was just 21 seconds, and 28 seconds to submit sensitive data, according to Verizon&#8217;s 2024 Data Breach Investigations Report.
A security awareness program that drills &#8220;think before you click&#8221; is fighting against a biological reflex baked into routine work behavior.</p><p>Traditional phishing remains the foundation because it scales. An estimated 3.4 billion phishing emails are sent globally every single day. Even a tiny conversion rate on that volume produces millions of compromised accounts per year.</p><h2>Spear Phishing: When the Attack Knows Your Name</h2><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!CRGM!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fcb72ae23-e46f-4960-a6dd-4edba2fd8fb2_2816x1536.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!CRGM!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fcb72ae23-e46f-4960-a6dd-4edba2fd8fb2_2816x1536.png 424w, https://substackcdn.com/image/fetch/$s_!CRGM!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fcb72ae23-e46f-4960-a6dd-4edba2fd8fb2_2816x1536.png 848w, https://substackcdn.com/image/fetch/$s_!CRGM!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fcb72ae23-e46f-4960-a6dd-4edba2fd8fb2_2816x1536.png 1272w, https://substackcdn.com/image/fetch/$s_!CRGM!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fcb72ae23-e46f-4960-a6dd-4edba2fd8fb2_2816x1536.png 1456w" sizes="100vw"><img 
src="https://substackcdn.com/image/fetch/$s_!CRGM!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fcb72ae23-e46f-4960-a6dd-4edba2fd8fb2_2816x1536.png" width="1456" height="794" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/cb72ae23-e46f-4960-a6dd-4edba2fd8fb2_2816x1536.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:794,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:7899286,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://kwlsecurity.com/i/192141211?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fcb72ae23-e46f-4960-a6dd-4edba2fd8fb2_2816x1536.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!CRGM!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fcb72ae23-e46f-4960-a6dd-4edba2fd8fb2_2816x1536.png 424w, https://substackcdn.com/image/fetch/$s_!CRGM!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fcb72ae23-e46f-4960-a6dd-4edba2fd8fb2_2816x1536.png 848w, https://substackcdn.com/image/fetch/$s_!CRGM!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fcb72ae23-e46f-4960-a6dd-4edba2fd8fb2_2816x1536.png 1272w, https://substackcdn.com/image/fetch/$s_!CRGM!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fcb72ae23-e46f-4960-a6dd-4edba2fd8fb2_2816x1536.png 1456w" 
sizes="100vw" loading="lazy"></picture></div></a></figure></div><p>Spray-and-pray email blasts are giving way to targeted campaigns that reference your actual job title, your manager, your clients, or a project you are actively working on. This is spear phishing, and it operates on the principle that context eliminates suspicion.</p><p>A 2019 study found that spear phishing was the most popular attack method for cybercriminals, used by 65% of all known groups, with intelligence gathering as the primary motive in 96% of cases. 
The targeting information comes from LinkedIn profiles, company websites, press releases, and breached credential databases available on dark web marketplaces.</p><p>The variation targeting executives specifically is called whaling. A single whaling attack costs businesses $47 million on average. The mechanism is the same as spear phishing, but the research investment is heavier because the target has authority to approve large transactions.</p><p>Approximately 88% of organizations experience spear phishing attacks annually. If your organization has a public web presence and a LinkedIn company page, it is a spear phishing target. There is no threshold of size below which this stops being true.</p><h2>Smishing and Vishing: Phishing Moves Off Email</h2><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!sgg_!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd24e338c-f9bf-4212-8fdc-a710809ee0ea_2816x1536.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!sgg_!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd24e338c-f9bf-4212-8fdc-a710809ee0ea_2816x1536.png 424w, https://substackcdn.com/image/fetch/$s_!sgg_!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd24e338c-f9bf-4212-8fdc-a710809ee0ea_2816x1536.png 848w, https://substackcdn.com/image/fetch/$s_!sgg_!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd24e338c-f9bf-4212-8fdc-a710809ee0ea_2816x1536.png 1272w, 
https://substackcdn.com/image/fetch/$s_!sgg_!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd24e338c-f9bf-4212-8fdc-a710809ee0ea_2816x1536.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!sgg_!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd24e338c-f9bf-4212-8fdc-a710809ee0ea_2816x1536.png" width="1456" height="794" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/d24e338c-f9bf-4212-8fdc-a710809ee0ea_2816x1536.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:794,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:8576987,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://kwlsecurity.com/i/192141211?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd24e338c-f9bf-4212-8fdc-a710809ee0ea_2816x1536.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!sgg_!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd24e338c-f9bf-4212-8fdc-a710809ee0ea_2816x1536.png 424w, https://substackcdn.com/image/fetch/$s_!sgg_!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd24e338c-f9bf-4212-8fdc-a710809ee0ea_2816x1536.png 848w, 
https://substackcdn.com/image/fetch/$s_!sgg_!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd24e338c-f9bf-4212-8fdc-a710809ee0ea_2816x1536.png 1272w, https://substackcdn.com/image/fetch/$s_!sgg_!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd24e338c-f9bf-4212-8fdc-a710809ee0ea_2816x1536.png 1456w" sizes="100vw" loading="lazy"></picture></div></a></figure></div><p>At some point, attackers realized that corporate email filters had gotten better and that the same psychological levers work equally 
well over SMS and phone calls. The result was smishing (SMS phishing) and vishing (voice phishing), and both have grown dramatically.</p><p>Smishing exploits the trust that most people place in text messages. Smishing click-through rates range from 19 to 36%, significantly higher than email phishing&#8217;s 2 to 4%. Part of that gap is technical: mobile screens truncate URLs and messaging apps offer no hover preview, so a spoofed or look-alike domain is harder to spot before tapping a link. In 2024, U.S. consumers reported $470 million in losses to text-message scams, a figure the FTC noted is five times higher than in 2020.</p><p>Vishing uses phone calls to manufacture urgency. A caller pretending to be IT support, a bank fraud team, or a government agency pressures a target into revealing credentials or authorizing a payment in real time. CrowdStrike observed an explosive increase in vishing incidents, with cases jumping 442% between the first and second halves of 2024.</p><p>The 2023 MGM Resorts ransomware attack, which caused extensive operational disruption, reportedly began when an attacker called the IT help desk and impersonated an employee to gain access. 
That is the defining feature of vishing: no malware required, just a convincing caller and a helpful employee following normal procedure.</p><h2>Quishing: The QR Code Trap</h2><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!g344!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd55dd171-cca3-4991-82be-1a5203e9ab9d_2816x1536.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!g344!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd55dd171-cca3-4991-82be-1a5203e9ab9d_2816x1536.png 424w, https://substackcdn.com/image/fetch/$s_!g344!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd55dd171-cca3-4991-82be-1a5203e9ab9d_2816x1536.png 848w, https://substackcdn.com/image/fetch/$s_!g344!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd55dd171-cca3-4991-82be-1a5203e9ab9d_2816x1536.png 1272w, https://substackcdn.com/image/fetch/$s_!g344!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd55dd171-cca3-4991-82be-1a5203e9ab9d_2816x1536.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!g344!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd55dd171-cca3-4991-82be-1a5203e9ab9d_2816x1536.png" width="1456" height="794" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/d55dd171-cca3-4991-82be-1a5203e9ab9d_2816x1536.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:794,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:8302850,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://kwlsecurity.com/i/192141211?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd55dd171-cca3-4991-82be-1a5203e9ab9d_2816x1536.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!g344!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd55dd171-cca3-4991-82be-1a5203e9ab9d_2816x1536.png 424w, https://substackcdn.com/image/fetch/$s_!g344!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd55dd171-cca3-4991-82be-1a5203e9ab9d_2816x1536.png 848w, https://substackcdn.com/image/fetch/$s_!g344!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd55dd171-cca3-4991-82be-1a5203e9ab9d_2816x1536.png 1272w, https://substackcdn.com/image/fetch/$s_!g344!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd55dd171-cca3-4991-82be-1a5203e9ab9d_2816x1536.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" 
height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button></div></div></div></a></figure></div><p>QR codes were a niche technology until the pandemic normalized scanning them for menus, check-ins, and payments. Attackers noticed and pivoted quickly. Quishing embeds a malicious URL inside a QR code image, so a gateway that only parses text links never sees the destination unless it also decodes images, and the scan itself moves the victim from a filtered corporate mailbox onto a phone that is often outside the organization&#8217;s controls.</p><p>According to Abnormal Security, QR code attacks increased 400% between 2023 and 2025, with energy, healthcare, and manufacturing among the most affected sectors. The technique is particularly effective against executives. In Q4 2023, the average C-suite executive saw 42 times more QR code phishing attacks than the average employee.</p><p>56% of quishing emails involve Microsoft two-factor authentication resets, and only 39% of consumers can identify a malicious QR code. The delivery method also extends beyond email. 
Physical QR codes have been placed on parking meters, restaurant tables, and event signage, redirecting people who scan them for a legitimate purpose.</p><h2>AI-Powered Phishing: The Threat That Broke the Old Rules</h2><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!ARWs!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Febb9235e-c335-4d84-989c-ffd0be40e858_2816x1536.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!ARWs!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Febb9235e-c335-4d84-989c-ffd0be40e858_2816x1536.png 424w, https://substackcdn.com/image/fetch/$s_!ARWs!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Febb9235e-c335-4d84-989c-ffd0be40e858_2816x1536.png 848w, https://substackcdn.com/image/fetch/$s_!ARWs!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Febb9235e-c335-4d84-989c-ffd0be40e858_2816x1536.png 1272w, https://substackcdn.com/image/fetch/$s_!ARWs!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Febb9235e-c335-4d84-989c-ffd0be40e858_2816x1536.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!ARWs!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Febb9235e-c335-4d84-989c-ffd0be40e858_2816x1536.png" width="1456" height="794" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/ebb9235e-c335-4d84-989c-ffd0be40e858_2816x1536.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:794,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:9197672,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://kwlsecurity.com/i/192141211?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Febb9235e-c335-4d84-989c-ffd0be40e858_2816x1536.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!ARWs!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Febb9235e-c335-4d84-989c-ffd0be40e858_2816x1536.png 424w, https://substackcdn.com/image/fetch/$s_!ARWs!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Febb9235e-c335-4d84-989c-ffd0be40e858_2816x1536.png 848w, https://substackcdn.com/image/fetch/$s_!ARWs!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Febb9235e-c335-4d84-989c-ffd0be40e858_2816x1536.png 1272w, https://substackcdn.com/image/fetch/$s_!ARWs!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Febb9235e-c335-4d84-989c-ffd0be40e858_2816x1536.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" 
height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button></div></div></div></a></figure></div><p>The &#8220;badly written email&#8221; heuristic that security awareness programs relied on for years is now dead. Generative AI produces grammatically flawless, contextually appropriate phishing content at industrial scale. In an experiment by IBM security researchers, AI needed only 5 prompts and 5 minutes to build a phishing attack nearly as effective as one that took human experts 16 hours.</p><p>The numbers reflect this shift. AI-generated phishing campaigns have surged 14x since December 2024 and now represent around half of all attacks reported by users. 
According to one external threat intelligence report, 67.4% of all phishing attacks in 2024 used some form of AI.</p><h3>Deepfake Vishing and Executive Impersonation</h3><p>AI voice cloning is now accessible to anyone willing to spend roughly $20 on dark web tooling. As Deloitte notes, an entire dark web cottage industry now sells AI-driven scamming tools at that price point, a democratization of fraud tooling that is challenging traditional anti-fraud defenses.</p><p>Voice cloning can replicate an executive&#8217;s voice from as little as three seconds of audio taken from earnings calls, podcasts, or conference presentations. One of the first documented cases occurred in 2019, when a UK energy firm lost $243,000 after its chief executive was convinced by an AI-cloned voice of his boss at the parent company to wire funds to a fraudulent account. The 2024 Arup incident, with $25 million in losses, was a direct escalation of the same method, now extended to a video call with deepfaked participants.</p><p>The CEO of WPP was also targeted: scammers cloned his voice and used it on a fake Teams-style call to instruct staff to share sensitive access credentials and transfer funds. That attempt was identified before any financial loss occurred, but it demonstrates that no profile is too public or too prominent to be targeted.</p><h3>Malicious LLMs and Phishing-as-a-Service</h3><p>The ecosystem around AI phishing has professionalized. Threat actors have built or advertised malicious large language models, WormGPT and FraudGPT being the best documented, to generate malware, malicious code, and other illegal material at scale. (Fox8 and DarkBERT are often listed alongside them, but DarkBERT began as an academic model trained on dark web text, and Fox8 was a social-media botnet that used a commercial LLM to write its posts.) These tools are sold on subscription through dark web forums and are marketed on the absence of the guardrails that commercial AI platforms enforce.</p><p>Phishing-as-a-Service (PhaaS) kits have grown 21%, giving even low-skilled actors the tools to run large-scale campaigns. 
The barrier to entry for a sophisticated, multi-channel phishing operation is now measured in dollars and hours rather than weeks of technical expertise.</p><h2>What a Modern Attack Actually Looks Like</h2><p>A current high-sophistication campaign does not rely on a single vector. 41% of phishing incidents now involve multi-channel attacks combining SMS, QR codes, and voice calls, with 40% of campaigns extending beyond traditional email to platforms like Slack, Teams, and social media.</p><p>The sequence typically runs as follows. An initial email establishes context, referencing a real internal project scraped from LinkedIn. A follow-up SMS creates urgency. A phone call from someone who sounds like a known colleague closes the loop. Each step by itself might trigger a flag. Together they build a narrative that overrides normal skepticism.</p><p>Phishing-related breaches take an average of 254 days to identify and contain, the third-longest dwell time of any breach vector, and organizations often do not realize they are compromised until attackers have established a firm foothold.</p><h2>What Actually Works Against These Threats</h2><p>Security controls need to match the current threat model, not the one from five years ago. Password policies and standard email gateways were designed for a different era, and not every form of MFA holds up either. Adversary-in-the-Middle (AiTM) frameworks like EvilGinx2 sit as a reverse proxy between the victim and the real login page, relay the password and the one-time code or push approval, and capture the session cookie the moment MFA completes; Microsoft reported over 10,000 AiTM attacks per month targeting its users in 2024. The factors that survive this are the phishing-resistant ones, FIDO2/WebAuthn security keys and passkeys, because the assertion the browser produces is bound to the origin it was actually on, and the real site rejects one signed for a look-alike domain.</p><p>Training still matters but only if it evolves. Users who had more recent training reported phishing emails at a rate of about 21%, compared to a base rate of 5%, a four times relative increase. 
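</p><p>The AiTM bypass described above is worth seeing concretely, because it shows exactly where a relayed one-time code succeeds and a WebAuthn assertion fails. The Python model below is an added example, not code from the original post and not taken from EvilGinx2 or any other tool named here. The two origins are invented, and an HMAC over a shared secret stands in for the authenticator&#8217;s real public-key signature; the message flow and the origin check are what the example is about.</p>

```python
"""AiTM phishing proxy modelled against a one-time code and a WebAuthn assertion.

Added example: origins are invented, and HMAC over a shared secret stands in for
the authenticator's public-key signature. The flow and the origin check are the point.
"""
import hashlib
import hmac
import json
import secrets
import struct
import time

REAL_ORIGIN = "https://login.example-corp.test"       # assumed: the real identity provider
PHISH_ORIGIN = "https://login.example-corp-sso.test"  # assumed: the attacker's proxy host


def totp(seed, now=None, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1, 30 s step): the code an authenticator app displays."""
    counter = int((time.time() if now is None else now) // step)
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"


class IdentityProvider:
    """The real login server: issues a session cookie after a valid second factor."""

    def __init__(self, origin, user, totp_seed, cred_secret):
        self.origin = origin
        self.user, self.totp_seed = user, totp_seed
        self.cred_secret = cred_secret   # stands in for the stored WebAuthn public key
        self.challenge = None            # outstanding challenge for this user

    def begin_login(self):
        self.challenge = secrets.token_hex(16)
        return self.challenge

    def finish_totp(self, code):
        # A one-time code says nothing about where it was typed, so the server accepts
        # it from whoever presents it inside the time window: the proxy wins.
        now = time.time()
        ok = any(hmac.compare_digest(code, totp(self.totp_seed, now + k * 30)) for k in (-1, 0, 1))
        return secrets.token_hex(16) if ok else None

    def finish_webauthn(self, client_data, signature):
        data = json.loads(client_data)
        challenge, self.challenge = self.challenge, None     # challenge is single use
        if challenge is None or data.get("challenge") != challenge:
            return None                                      # unknown login or replay
        if data.get("origin") != self.origin:
            return None                                      # signed for another site: stops the proxy
        expected = hmac.new(self.cred_secret, client_data.encode(), hashlib.sha256).hexdigest()
        return secrets.token_hex(16) if hmac.compare_digest(expected, signature) else None


class VictimBrowser:
    """The user's browser plus authenticator. It signs for the origin it is really on."""

    def __init__(self, totp_seed, cred_secret):
        self.totp_seed, self.cred_secret = totp_seed, cred_secret

    def webauthn_get(self, origin, challenge):
        # The browser, not the page, writes the origin into client data; a page served
        # from PHISH_ORIGIN cannot make it say REAL_ORIGIN.
        client_data = json.dumps({"type": "webauthn.get", "challenge": challenge, "origin": origin}, sort_keys=True)
        return client_data, hmac.new(self.cred_secret, client_data.encode(), hashlib.sha256).hexdigest()


class AitmProxy:
    """Reverse proxy on PHISH_ORIGIN: relays each step to the real IdP and keeps any cookie."""

    def __init__(self, idp):
        self.idp = idp

    def phish_with_totp(self, victim):
        self.idp.begin_login()
        code = totp(victim.totp_seed)                       # victim types it into the fake page
        return self.idp.finish_totp(code) is not None       # proxy forwards it and gets the cookie

    def phish_with_webauthn(self, victim):
        challenge = self.idp.begin_login()                  # real challenge, relayed unchanged
        client_data, signature = victim.webauthn_get(PHISH_ORIGIN, challenge)
        return self.idp.finish_webauthn(client_data, signature) is not None


def run_demo():
    """Both phishing attempts, then a legitimate WebAuthn login; returns what succeeded."""
    totp_seed, cred_secret = secrets.token_bytes(20), secrets.token_bytes(32)
    idp = IdentityProvider(REAL_ORIGIN, "alice", totp_seed, cred_secret)
    victim, proxy = VictimBrowser(totp_seed, cred_secret), AitmProxy(idp)
    results = {"totp_session_stolen": proxy.phish_with_totp(victim)}
    results["webauthn_session_stolen"] = proxy.phish_with_webauthn(victim)
    client_data, signature = victim.webauthn_get(REAL_ORIGIN, idp.begin_login())
    results["webauthn_legit_login"] = idp.finish_webauthn(client_data, signature) is not None
    return results
```

<p>Running it shows the relayed TOTP code earning the proxy a valid session cookie, the relayed WebAuthn assertion being rejected because the origin field the browser wrote into the client data names the phishing host, and the same credential succeeding from the real origin. A real relying party also checks the RP ID hash in the authenticator data, and the cookie it issues after a genuine login still needs protection of its own (short lifetimes, device or compliance binding), since a cookie obtained by any other route is just as usable to an attacker.</p><p>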
The content of that training needs to shift from &#8220;spot the typo&#8221; to &#8220;verify the request through a separate channel regardless of how convincing the communication appears.&#8221;</p><p>Out-of-band verification is the most consistently effective control against deepfake voice and video attacks. Organizations that require a callback over a pre-registered number, or a confirmation through a second authenticated channel, break the social engineering chain even when the impersonation is technically flawless.</p><p>The threat has become multi-modal, AI-assisted, and deeply personalized. The organizations that keep pace are the ones that treat verification as a process requirement, not a judgment call made under pressure.</p><p><strong>SOURCES AND FURTHER READING</strong></p><ol><li><p>Hoxhunt Phishing Trends Report: <a href="https://hoxhunt.com/guide/phishing-trends-report">https://hoxhunt.com/guide/phishing-trends-report</a></p></li><li><p>Hunto AI Phishing Attack Statistics 2026: <a href="https://hunto.ai/blog/phishing-attack-statistics/">https://hunto.ai/blog/phishing-attack-statistics/</a></p></li><li><p>Zensec Phishing Statistics 2025-2026: <a href="https://zensec.co.uk/blog/2025-phishing-statistics-the-alarming-rise-in-attacks/">https://zensec.co.uk/blog/2025-phishing-statistics-the-alarming-rise-in-attacks/</a></p></li><li><p>Keepnet Phishing Statistics: <a href="https://keepnetlabs.com/blog/top-phishing-statistics-and-trends-you-must-know">https://keepnetlabs.com/blog/top-phishing-statistics-and-trends-you-must-know</a></p></li><li><p>Guardz 33 Phishing Statistics 2025: <a href="https://guardz.com/blog/33-phishing-statistics-every-msp-should-know-about/">https://guardz.com/blog/33-phishing-statistics-every-msp-should-know-about/</a></p></li><li><p>AAG Phishing Statistics: <a href="https://aag-it.com/the-latest-phishing-statistics/">https://aag-it.com/the-latest-phishing-statistics/</a></p></li><li><p>Brightside AI Phishing Risk Analysis 2025: <a 
href="https://www.brside.com/blog/ai-generated-phishing-vs-human-attacks-2025-risk-analysis">https://www.brside.com/blog/ai-generated-phishing-vs-human-attacks-2025-risk-analysis</a></p></li><li><p>Right-Hand AI Deepfake Vishing 2025: <a href="https://right-hand.ai/blog/deep-fake-vishing-attacks-2025/">https://right-hand.ai/blog/deep-fake-vishing-attacks-2025/</a></p></li><li><p>Norton Top 5 AI and Deepfakes 2025: <a href="https://us.norton.com/blog/online-scams/top-5-ai-and-deepfakes-2025">https://us.norton.com/blog/online-scams/top-5-ai-and-deepfakes-2025</a></p></li><li><p>CybelAngel Rise of AI Phishing: <a href="https://cybelangel.com/blog/rise-ai-phishing/">https://cybelangel.com/blog/rise-ai-phishing/</a></p></li><li><p>StrongestLayer AI Phishing 2026: <a href="https://www.strongestlayer.com/blog/ai-generated-phishing-enterprise-threat">https://www.strongestlayer.com/blog/ai-generated-phishing-enterprise-threat</a></p></li><li><p>Jericho Security Deepfake Phishing: <a href="https://www.jerichosecurity.com/blog/deepfake-phishing-the-ai-powered-social-engineering-threat-putting-cisos-on-high-alert-in-2025">https://www.jerichosecurity.com/blog/deepfake-phishing-the-ai-powered-social-engineering-threat-putting-cisos-on-high-alert-in-2025</a></p></li><li><p>TechTarget AI Phishing Dangers: <a href="https://www.techtarget.com/searchsecurity/tip/Generative-AI-is-making-phishing-attacks-more-dangerous">https://www.techtarget.com/searchsecurity/tip/Generative-AI-is-making-phishing-attacks-more-dangerous</a></p></li><li><p>Hoxhunt AI Phishing Infographic: <a href="https://hoxhunt.com/blog/ai-phishing-attacks">https://hoxhunt.com/blog/ai-phishing-attacks</a></p></li><li><p>Keepnet Smishing Statistics: <a href="https://keepnetlabs.com/blog/smishing-statistics-the-latest-trends-and-numbers-in-sms-phishing">https://keepnetlabs.com/blog/smishing-statistics-the-latest-trends-and-numbers-in-sms-phishing</a></p></li><li><p>Keepnet Quishing Statistics: <a 
href="https://keepnetlabs.com/blog/qr-code-phishing-trends-in-depth-analysis-of-rising-quishing-statistics">https://keepnetlabs.com/blog/qr-code-phishing-trends-in-depth-analysis-of-rising-quishing-statistics</a></p></li><li><p>CaptainDNS Phishing Trends 2025-2026: <a href="https://www.captaindns.com/en/blog/phishing-trends-2025-2026-statistics">https://www.captaindns.com/en/blog/phishing-trends-2025-2026-statistics</a></p></li><li><p>Bright Defense Phishing Statistics: <a href="https://www.brightdefense.com/resources/phishing-statistics/">https://www.brightdefense.com/resources/phishing-statistics/</a></p></li><li><p>Parachute Cloud Phishing Statistics 2026: <a href="https://parachute.cloud/phishing-attack-statistics/">https://parachute.cloud/phishing-attack-statistics/</a></p></li><li><p>Controld Global Phishing Statistics: <a href="https://controld.com/blog/phishing-statistics-industry-trends/">https://controld.com/blog/phishing-statistics-industry-trends/</a></p></li></ol>]]></content:encoded></item><item><title><![CDATA[DarkSword is the latest iPhone Vulnerability, What Should You Do.]]></title><description><![CDATA[Security researchers have uncovered DarkSword, a sophisticated cyberattack that can silently steal everything on your iPhone in minutes, with nothing but a visit to a website.]]></description><link>https://kwlsecurity.com/p/darksword-is-the-latest-iphone-vulnerability</link><guid isPermaLink="false">https://kwlsecurity.com/p/darksword-is-the-latest-iphone-vulnerability</guid><dc:creator><![CDATA[KWL Security Newsletter]]></dc:creator><pubDate>Tue, 24 Mar 2026 22:21:07 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!BS6_!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3d67ce46-c0dc-4e75-bc78-1a2c3dd9286b_2752x1536.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!BS6_!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3d67ce46-c0dc-4e75-bc78-1a2c3dd9286b_2752x1536.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!BS6_!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3d67ce46-c0dc-4e75-bc78-1a2c3dd9286b_2752x1536.png 424w, 
https://substackcdn.com/image/fetch/$s_!BS6_!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3d67ce46-c0dc-4e75-bc78-1a2c3dd9286b_2752x1536.png 848w, https://substackcdn.com/image/fetch/$s_!BS6_!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3d67ce46-c0dc-4e75-bc78-1a2c3dd9286b_2752x1536.png 1272w, https://substackcdn.com/image/fetch/$s_!BS6_!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3d67ce46-c0dc-4e75-bc78-1a2c3dd9286b_2752x1536.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!BS6_!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3d67ce46-c0dc-4e75-bc78-1a2c3dd9286b_2752x1536.png" width="1456" height="813" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/3d67ce46-c0dc-4e75-bc78-1a2c3dd9286b_2752x1536.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:813,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:8311418,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://kwlsecurity.com/i/192023231?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3d67ce46-c0dc-4e75-bc78-1a2c3dd9286b_2752x1536.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" 
srcset="https://substackcdn.com/image/fetch/$s_!BS6_!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3d67ce46-c0dc-4e75-bc78-1a2c3dd9286b_2752x1536.png 424w, https://substackcdn.com/image/fetch/$s_!BS6_!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3d67ce46-c0dc-4e75-bc78-1a2c3dd9286b_2752x1536.png 848w, https://substackcdn.com/image/fetch/$s_!BS6_!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3d67ce46-c0dc-4e75-bc78-1a2c3dd9286b_2752x1536.png 1272w, https://substackcdn.com/image/fetch/$s_!BS6_!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3d67ce46-c0dc-4e75-bc78-1a2c3dd9286b_2752x1536.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" 
stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Security researchers have uncovered DarkSword, a sophisticated cyberattack that can silently steal everything on your iPhone in minutes, with nothing but a visit to a website.</p><p>If your iPhone is running iOS 18.4 through 18.6.2, you may be at risk right now. The fix is simple: update to iOS 18.7.3 or later. </p><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://youtube.com/@kwlsecurity?sub_confirmation=1&quot;,&quot;text&quot;:&quot;Subscribe to my YouTube channel&quot;,&quot;action&quot;:null,&quot;class&quot;:null}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://youtube.com/@kwlsecurity?sub_confirmation=1"><span>Subscribe to my YouTube channel</span></a></p><h2>What Is DarkSword?</h2><p>Imagine a burglar who can walk through your locked front door, rifle through every drawer in your house, photograph everything valuable, and disappear, all without making a sound, and without you ever opening the door for them. That is essentially what DarkSword does to an iPhone.</p><p>Discovered by security firm Lookout in March 2026, DarkSword is a full iOS exploit chain and payload targeting iPhones running iOS versions between 18.4 and 18.6.2. <a href="https://www.lookout.com/threat-intelligence/article/darksword">lookout</a> It was built to silently break into iPhones, steal a sweeping range of personal information, and then vanish, leaving almost no trace behind.</p><p>What makes it especially alarming is the delivery mechanism. You don&#8217;t have to download a suspicious app. You don&#8217;t have to click a phishing link that looks obviously fake. 
Simply visiting a compromised legitimate website is enough to trigger the attack, a technique known as a watering hole attack. Even where a user has to be lured to the site, social engineering awareness training offers little protection, because the infection URL itself is legitimate. <a href="https://www.lookout.com/threat-intelligence/article/darksword">lookout</a></p><p>&#8220;The infection URL is legitimate. Even security-aware users have no way to detect it.&#8221; - Lookout Threat Labs, March 2026</p><h2>Who Is At Risk?</h2><p>DarkSword specifically targets iPhones running iOS versions 18.4 through 18.6.2. If your phone is on any of these software versions and you haven&#8217;t updated yet, you may be vulnerable.</p><p>While the attacks observed so far have targeted Ukrainian users, particularly visitors to Ukrainian news sites and government websites, DarkSword&#8217;s use of exploits affecting newer iOS versions means it could affect hundreds of millions of devices. 
<a href="https://www.lookout.com/threat-intelligence/article/darksword">lookout</a> Any iPhone user on an affected iOS version should treat this as a personal concern.</p><p>People most at risk include iPhone users running iOS 18.4 through 18.6.2 who haven&#8217;t yet updated, people who use cryptocurrency apps like Coinbase, Binance, MetaMask, Ledger, and Trezor, journalists, activists, or government employees who may be of interest to foreign intelligence services, business professionals whose phones hold access to corporate email and files, and anyone who stores sensitive passwords, financial details, or private messages on their iPhone.</p><p>That last point deserves emphasis. DarkSword doesn&#8217;t just steal obvious targets like bank apps. It goes after your photos, your notes, your location history, your calendar, even your health data. For most people, a complete copy of everything on their phone would be deeply invasive, regardless of whether they consider themselves a &#8220;high-value&#8221; target.</p><h2>What Does It Actually Steal?</h2><p>Once DarkSword gets into a device, it takes a hit-and-run approach, collecting and exfiltrating targeted data within seconds or at most minutes, followed by cleanup. 
<a href="https://www.lookout.com/threat-intelligence/article/darksword">lookout</a> Here is the full picture of what it is designed to take: saved passwords, emails from all accounts, photos and videos, iCloud Drive files, Telegram messages, WhatsApp messages, SMS and iMessages, your address book and contacts, call history, Safari browsing history and cookies, Wi-Fi network passwords, location and location history, notes, calendar events, health data, cryptocurrency wallet data, SIM and cellular information, and a list of all installed apps.</p><p>After all the data has been exfiltrated, the staged files are cleaned up and the process exits cleanly, <a href="https://www.lookout.com/threat-intelligence/article/darksword">lookout</a> making it very difficult to know after the fact whether you were ever compromised.</p><h2>Who Is Behind This?</h2><p>The attackers have been given the designation UNC6353 by researchers, described as a likely Russian threat actor. <a href="https://www.lookout.com/threat-intelligence/article/darksword">lookout</a> Here is what is known.</p><p>Researchers believe this group is likely connected to Russian intelligence interests, based on its targets (Ukrainian government and news sites) and tactics that mirror known Russian cyber operations. However, the group also targets cryptocurrency wallets, a clearly financially motivated target, indicating a dual-use approach that is an important insight into the threat actor&#8217;s motives. <a href="https://www.lookout.com/threat-intelligence/article/darksword">lookout</a></p><p>They are assessed to have access to a supply of high-quality iOS exploit chains, likely developed for tier-1 commercial surveillance vendors, indicating they are likely well funded and may have connections to exploit brokers such as Matrix LLC / Operation Zero. <a href="https://www.lookout.com/threat-intelligence/article/darksword">lookout</a> They bought this weapon rather than building it themselves. 
Sophisticated cyberweapons are now available on a shadowy secondary market, putting nation-state-grade hacking tools into the hands of groups with money but not necessarily deep technical expertise.</p><p>Analysis of patterns suggests that AI tools were used in the creation of at least some of the implant code, and it appears probable that UNC6353 relied on AI support to add additional functionality to purchased tooling. <a href="https://www.lookout.com/threat-intelligence/article/darksword">lookout</a></p><p>Researchers assess that UNC6353 is a well-funded, well-connected but technically less sophisticated threat actor whose goals include both financial gain and espionage aligned with Russian intelligence requirements. <a href="https://www.lookout.com/threat-intelligence/article/darksword">lookout</a></p><h2>How to Protect Yourself</h2><p>Devices running the most recent versions of iOS (18.7.3 or later for iOS 18) are not susceptible to this threat or the vulnerabilities exploited by it. <a href="https://www.lookout.com/threat-intelligence/article/darksword">lookout</a> Updating is the single most important thing you can do.</p><p>Beyond updating, here are practical steps to reduce your risk.</p><p>First, update your iPhone right now. Updating to iOS 18.7.3 or later closes the exact vulnerabilities DarkSword uses.</p><p>Second, enable automatic updates. Turn on automatic software updates so your phone stays protected without you having to remember. Go to Settings, then General, then Software Update, then Automatic Updates, and turn both toggles on.</p><p>Third, be cautious on unfamiliar websites. DarkSword spreads via compromised legitimate websites, so standard advice about avoiding suspicious links won&#8217;t always help. Minimizing browsing on unfamiliar sites, especially on public Wi-Fi, reduces exposure.</p><p>Fourth, secure your cryptocurrency. 
Cryptocurrency exchanges targeted by DarkSword include Coinbase, Binance, Kraken, Kucoin, OKX, and MEXC, and it also targets wallets such as Ledger, Trezor, MetaMask, Exodus, Uniswap, Phantom, and Gnosis Safe. <a href="https://www.lookout.com/threat-intelligence/article/darksword">lookout</a> If you use any of these, treat this as a high-priority alert and consider moving funds to a hardware wallet not connected to any device.</p><p>Fifth, change critical passwords. If you believe your device may have been at risk, consider changing your most sensitive passwords, including email, banking, and crypto, from a separate updated device.</p><p>Sixth, consider enabling Lockdown Mode. If you are a high-risk individual such as a journalist, activist, executive, or government employee, Apple&#8217;s Lockdown Mode significantly reduces the attack surface on your device. Go to Settings, then Privacy and Security, then Lockdown Mode. Note that it restricts some features.</p><h2>How to Update Your iPhone</h2><p>Updating your iPhone takes less than 15 minutes in most cases. Here is exactly how to do it.</p><p>Step 1: Open the Settings app on your iPhone (the grey icon with gears).</p><p>Step 2: Scroll down and tap General.</p><p>Step 3: Tap Software Update. Your phone will check for available updates, which may take a moment.</p><p>Step 4: If an update is available, tap &#8220;Update Now,&#8221; or &#8220;Download and Install&#8221; if it hasn&#8217;t downloaded yet.</p><p>Step 5: Enter your iPhone passcode if prompted.</p><p>Step 6: Your iPhone will download the update and restart. Make sure you&#8217;re connected to Wi-Fi with at least 50% battery, or plug it in. 
The process typically takes 5 to 15 minutes.</p><p>Step 7: After the restart, go back to Settings, then General, then Software Update to confirm you are now running iOS 18.7.3 or later.</p><p>As a bonus step, while in the Software Update screen, tap Automatic Updates and turn on both &#8220;Download iOS Updates&#8221; and &#8220;Install iOS Updates&#8221; so this happens on its own in the future.</p><p>If your iPhone is too old to receive iOS 18, be aware that older devices may not receive security patches for newer vulnerabilities. If your device cannot update beyond iOS 16 or 17, consider speaking with your employer&#8217;s IT department or evaluating whether it may be time to upgrade your hardware.</p><p>The protection is available, free, and takes less time than making a cup of coffee. Share this with anyone who uses an iPhone.</p><p>Based on research published by Lookout Threat Labs, March 18, 2026. For informational purposes only. Always consult official sources for the latest guidance.</p>]]></content:encoded></item><item><title><![CDATA[Tax Scams Are Smarter Than Ever — Here's What to Watch For in 2026]]></title><link>https://kwlsecurity.com/p/tax-scams-are-smarter-than-ever-heres</link><guid isPermaLink="false">https://kwlsecurity.com/p/tax-scams-are-smarter-than-ever-heres</guid><dc:creator><![CDATA[KWL Security Newsletter]]></dc:creator><pubDate>Sat, 14 Mar 2026 18:29:13 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!MPyS!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5018bfb8-4999-4957-ad5d-18400489c1b3_2752x1536.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" 
href="https://substackcdn.com/image/fetch/$s_!MPyS!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5018bfb8-4999-4957-ad5d-18400489c1b3_2752x1536.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!MPyS!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5018bfb8-4999-4957-ad5d-18400489c1b3_2752x1536.png 424w, https://substackcdn.com/image/fetch/$s_!MPyS!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5018bfb8-4999-4957-ad5d-18400489c1b3_2752x1536.png 848w, https://substackcdn.com/image/fetch/$s_!MPyS!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5018bfb8-4999-4957-ad5d-18400489c1b3_2752x1536.png 1272w, https://substackcdn.com/image/fetch/$s_!MPyS!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5018bfb8-4999-4957-ad5d-18400489c1b3_2752x1536.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!MPyS!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5018bfb8-4999-4957-ad5d-18400489c1b3_2752x1536.png" width="1456" height="813" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/5018bfb8-4999-4957-ad5d-18400489c1b3_2752x1536.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:813,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:7546547,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://kwlsecurity.substack.com/i/190768660?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5018bfb8-4999-4957-ad5d-18400489c1b3_2752x1536.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!MPyS!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5018bfb8-4999-4957-ad5d-18400489c1b3_2752x1536.png 424w, https://substackcdn.com/image/fetch/$s_!MPyS!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5018bfb8-4999-4957-ad5d-18400489c1b3_2752x1536.png 848w, https://substackcdn.com/image/fetch/$s_!MPyS!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5018bfb8-4999-4957-ad5d-18400489c1b3_2752x1536.png 1272w, https://substackcdn.com/image/fetch/$s_!MPyS!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5018bfb8-4999-4957-ad5d-18400489c1b3_2752x1536.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" 
width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Tax season has always attracted scammers, but 2026 is shaping up to be a turning point. The scams targeting American taxpayers this year are not the clumsy, obvious schemes of the past. They are industrialized, AI-powered operations that can fool even careful, savvy people. Here is what you need to know to protect yourself.</p><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://www.youtube.com/@kwlsecurity/videos&quot;,&quot;text&quot;:&quot;YouTube Channel&quot;,&quot;action&quot;:null,&quot;class&quot;:null}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://www.youtube.com/@kwlsecurity/videos"><span>YouTube Channel</span></a></p><h2>The Numbers Are Staggering</h2><p>Before diving into the specifics, it helps to understand the scale of the problem. 
The FBI&#8217;s Internet Crime Complaint Center recorded over 859,000 complaints in 2024, with total financial losses exceeding $16.6 billion, a 33% jump over the prior year. Scammers are also getting more efficient. The share of fraud attempts that resulted in an actual financial loss jumped from 27% to 38% in a single year, meaning nearly four in ten people who encountered a scam lost real money.</p><h2>The Game-Changer: AI Voice Cloning</h2><p>The most alarming development this tax season is the rise of AI-generated voices used to impersonate IRS agents, family members, and financial professionals. This technology has contributed to a reported 400% increase in successful voice phishing attempts.</p><p>How does it work? Scammers can now create a convincing synthetic replica of a real person&#8217;s voice using as little as a three-second audio sample, often pulled from public social media videos, podcasts, or even voicemail greetings. 
They then use that voice in high-pressure phone calls, spoofing official IRS caller ID numbers, to demand immediate payment for supposed back taxes.</p><p>What makes these calls so dangerous is that modern AI-synthesized voices include filler words, natural pauses, and shifting tones that make them essentially indistinguishable from a real human on a standard phone line. The old advice of simply listening carefully no longer applies.</p><p><strong>What to do:</strong> If you receive an unexpected call from someone claiming to be the IRS, hang up and call the IRS directly using the number on their official website <a href="https://www.irs.gov/help/let-us-help-you">irs.gov</a>. The real IRS initiates most contact through the U.S. Postal Service, not phone calls.</p><h2>Don&#8217;t Believe Everything You See on TikTok</h2><p>Social media has become a major pipeline for tax misinformation. Self-proclaimed tax influencers on platforms like TikTok and Instagram have been promoting fraudulent strategies, convincing followers they are eligible for credits the IRS is supposedly withholding from the public.</p><p>One of the most widespread examples is a fictitious &#8220;Self-Employment Tax Credit.&#8221; Promoters claim gig workers and self-employed individuals can receive payments of up to $32,000. No such credit currently exists. 
The actual pandemic-era credits they reference expired years ago, and scammers instruct victims to misuse tax forms by claiming credits based on income that does not qualify.</p><p>The cruel reality is that taxpayers who follow this bad advice are still fully liable for the taxes owed, plus interest and civil penalties, even if they genuinely believed the advice was legitimate.</p><p><strong>What to do:</strong> If a tax tip seems too good to be true, verify it directly with a licensed CPA or on IRS.gov, not in a comment section.</p><h2>Phishing Texts Are More Convincing Than Ever</h2><p>Smishing, which refers to scam text messages, has become particularly effective because mobile browsers show far less of a URL than a desktop browser, making it much easier to disguise a fake website as a legitimate one.</p><p><strong><a href="https://www.youtube.com/watch?v=KFgz3w-MZ_A&amp;t">Learn more about phishing scams here</a></strong></p><p>A typical 2026 smishing attack follows a predictable pattern. A text claims your refund is approved or that there is unusual activity on your account. A link takes you to a convincing replica of the IRS website, where you are prompted to enter your Social Security Number and bank details. After collecting your information, the fake site often displays a placeholder page telling you to wait 24 hours, giving scammers time to move funds before you realize what happened.</p><p><strong>What to do:</strong> Never click links in unsolicited tax-related texts. Go directly to IRS.gov by typing it into your browser.</p><h2>Tax Professionals Are Targets Too</h2><p>Scammers are not just going after individual filers. They are targeting the accountants and preparers who serve hundreds or thousands of clients at once. In what is known as the &#8220;new client&#8221; scam, a cybercriminal poses as a prospective client and sends a spearphishing email to a tax professional. 
Once the preparer responds, a malicious attachment installs malware that gives the attacker access to the firm&#8217;s entire client database.</p><p>Separately, &#8220;ghost preparers&#8221; continue to cause serious harm. These are unlicensed individuals who prepare returns for a fee but never sign them. Red flags include charging a percentage of your refund rather than a flat fee, refusing to provide their IRS Preparer Tax Identification Number, and asking you to sign a blank or incomplete return.</p><p><strong>What to do:</strong> Always verify your preparer&#8217;s credentials at IRS.gov, and never sign an incomplete return.</p><h2>Seniors Are Being Specifically Targeted</h2><p>People over age 60 suffered the greatest financial losses from fraud in 2024, accounting for nearly $5 billion in reported losses. Scammers use threatening phone calls to claim that Social Security benefits will be suspended or that immediate arrest is imminent for unpaid taxes.</p><p>One particularly damaging tactic involves convincing seniors to withdraw from their retirement accounts to pay fake fines. That withdrawal then triggers a real tax liability, leaving the victim worse off on two fronts.</p><p><strong>What to do:</strong> Talk to elderly family members about these tactics. Consider establishing a family code word to verify identity if anyone ever receives a suspicious call claiming to be from a relative in distress.</p><h2>The Best Defense: Get an IP PIN</h2><p>The single most effective step any taxpayer can take right now is enrolling in the IRS Identity Protection PIN program. This six-digit number prevents anyone from filing a tax return using your Social Security Number, even if a scammer already has your name, birthdate, and SSN. The IRS issues a new PIN every year, making previously stolen numbers useless. 
You can enroll at IRS.gov in just a few minutes.</p><h2>The Bottom Line</h2><p>The IRS will never demand payment via gift card or cryptocurrency, will never threaten immediate arrest over the phone, and will never use a synthetic voice to pressure you into action. When in doubt, slow down. The urgency that scammers manufacture is itself the weapon. Take a breath, hang up, and verify through official channels before doing anything with your money or personal information.</p>]]></content:encoded></item></channel></rss>