Google Threat Intelligence has uncovered a new piece of crypto-stealing malware called Ghostblade, which targets Apple iOS devices. The malware is part of a broader suite of browser-based tools known as DarkSword, engineered to extract private keys and other sensitive information from compromised devices. Researchers describe Ghostblade as written in JavaScript and built for rapid data theft.
Once active on a device, Ghostblade quickly collects sensitive data and transmits it to malicious servers. Notably, the malware does not run continuously in the background and does not require additional plug-ins to operate. It ceases functioning after completing its data extraction, a design choice that makes it considerably harder to detect through conventional security monitoring.
The malware also contains code that removes crash reports from the affected device, preventing Apple from receiving diagnostic information that could flag the malicious software. This self-concealing behavior adds another layer of difficulty for both users and security systems attempting to identify the threat. The combination of rapid execution and trace removal makes Ghostblade a particularly stealthy tool.
In terms of data access, Ghostblade can retrieve messaging content from iMessage, Telegram, and WhatsApp. Beyond communications, it is also capable of stealing SIM card information, identity data, multimedia files, and geolocation details. The malware can additionally access system settings on the compromised device, according to the Google cybersecurity report.
DarkSword and its associated components represent some of the latest threats identified by Google’s researchers, highlighting the increasingly sophisticated methods used by malicious actors to target cryptocurrency holders. The discovery sheds light on how threat actors continue to evolve their toolkits to bypass existing security measures. Unsuspecting users remain the primary targets of such campaigns.
Separately, losses from crypto-related hacks fell to $49 million in February, a significant decline from the $385 million recorded in January, according to blockchain intelligence platform Nominis. The firm attributes this drop to a shift away from code-based exploits toward phishing attempts, wallet poisoning attacks, and other methods that exploit human error rather than software vulnerabilities. This trend signals a changing landscape in how cybercriminals pursue digital assets.
Phishing campaigns typically rely on fake websites crafted to resemble legitimate platforms, often using web addresses nearly identical to those of the sites they imitate. These fraudulent pages embed malware capable of stealing crypto private keys and other valuable data when a user visits the site or interacts with any of its elements. As technical exploits become harder to execute, social engineering and deception-based attacks are becoming the preferred approach among bad actors.
Originally reported by CoinTelegraph.
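The near-identical web addresses described in the phishing paragraph above can be screened for on the defensive side. The following is an added example, not code from the Google or Nominis reports: a small Python check that compares a URL's host against an allowlist and flags internationalized names, trusted names embedded as subdomains, folded look-alike characters, and small edit distances. The allowlist, the substitution table, the distance threshold of 2 and all sample domains are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist of domains the organisation really uses (assumption).
TRUSTED = ("examplewallet.com", "example-exchange.io")
# Common visual substitutions folded to one form; illustrative, not exhaustive.
FOLD = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
        ("3", "e"), ("5", "s"), ("-", ""))


def skeleton(host):
    """Fold look-alike characters so visually similar hosts compare equal."""
    for src, dst in FOLD:
        host = host.replace(src, dst)
    return host


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return 'trusted', 'unknown', or 'suspicious:<reason>:<domain>'."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    host = host[4:] if host.startswith("www.") else host
    # Exact match or a genuine subdomain of an allowlisted domain.
    if any(host == good or host.endswith("." + good) for good in TRUSTED):
        return "trusted"
    # Internationalized names can hide characters that render like ASCII ones.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "suspicious:idn:" + host
    for good in TRUSTED:
        if host.startswith(good + "."):  # trusted name used as a subdomain label
            return "suspicious:embedded:" + good
        if skeleton(host) == skeleton(good):  # digit, 'rn' or hyphen swaps
            return "suspicious:lookalike:" + good
        if edit_distance(host, good) <= 2:  # dropped or changed characters
            return "suspicious:near:" + good
    return "unknown"


if __name__ == "__main__":
    # Constructed sample URLs, not indicators from any report.
    for u in ("https://www.examplewallet.com/login", "https://examp1ewallet.com/",
              "https://examplewallet.com.login-check.example/"):
        print(classify(u), u)
```

An "unknown" verdict only means the host did not resemble an allowlisted one; it is not a statement that the site is safe.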
