Google Threat Intelligence has identified a new crypto‑stealing malware called “Ghostblade,” targeting Apple iOS devices and forming part of the “DarkSword” suite of browser‑based tools built to steal private keys and other sensitive data. Ghostblade is written in JavaScript and engineered for rapid data exfiltration: it activates, harvests sensitive information from the compromised device, and sends it to attacker‑controlled servers.
Researchers say Ghostblade does not run continuously on infected devices, requires no additional plug‑ins, and ceases operation after extracting data—behaviors that make detection more difficult. The malware also contains code to delete crash reports from the device, preventing Apple from receiving signals that might flag the compromise.
Ghostblade can access and relay messaging data from iMessage, Telegram and WhatsApp. It can also steal SIM card details, identity information, multimedia and geolocation data, and it can read certain system settings.
DarkSword and its components represent a broader set of evolving threats Google Threat Intelligence has been tracking, highlighting how attackers increasingly use browser‑based exploits and covert JavaScript to drain wallets and harvest credentials.
Separately, blockchain intelligence provider Nominis reported a drop in losses from crypto hacks to $49 million in February, down sharply from $385 million in January. Nominis attributes the decline to a shift away from code‑based attacks toward social‑engineering vectors such as crypto phishing, wallet‑poisoning attacks and other schemes that exploit human error.
Phishing campaigns commonly use fake sites that closely mimic legitimate services and can embed malware that captures private keys and other valuable data when users interact with the pages. Private users remain the primary victims of these campaigns.
Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently. Read our Editorial Policy https://cointelegraph.com/editorial-policy