Google Threat Intelligence has identified a new crypto‑stealing malware called Ghostblade that targets Apple iOS devices. Ghostblade is part of the DarkSword family, a set of browser‑based tools written in JavaScript and designed to harvest private keys and other sensitive data and rapidly exfiltrate it to attacker‑controlled servers.
According to researchers, Ghostblade operates briefly rather than persistently. It requires no additional plug‑ins, activates to collect data, transmits the information, and then stops running. That short-lived behavior, paired with built‑in routines that remove crash reports from the device, reduces telemetry and makes detection and incident response more difficult.
Capabilities attributed to Ghostblade include harvesting messaging data from iMessage, Telegram and WhatsApp, reading certain system settings, collecting SIM card details and identity information, copying multimedia files, and capturing geolocation data. The JavaScript‑based, browser‑focused approach reflects an attacker preference for covert exploits that run in or through web contexts rather than traditional native malware.
Google’s findings place Ghostblade and DarkSword in a broader trend: threat actors increasingly favor browser‑based exploits and stealthy JavaScript tooling to drain wallets and steal credentials. These techniques can be combined with social‑engineering campaigns to increase reach and success.
Separately, blockchain intelligence firm Nominis said reported crypto hack losses declined sharply, from $385 million in January to $49 million in February. Nominis attributes the drop to a shift away from large‑scale code exploits toward social‑engineering vectors, including phishing, wallet‑poisoning schemes and other attacks that exploit human error. Phishing often relies on convincing counterfeit sites that prompt users to enter private keys or interact with malicious pages that capture credentials; private individuals remain the most frequent victims.
Cointelegraph produced this report following its editorial standards. Readers are encouraged to independently verify details and follow security best practices, such as keeping devices updated, avoiding suspicious links, and using hardware wallets or other strong key management methods to protect crypto assets.