Google Threat Intelligence Discovers Ghostblade Malware Targeting iOS, Capable of Stealing Private Keys and Reading iMessages

Odaily Planet Daily reports that Google Threat Intelligence has identified a piece of malicious encryption theft software called Ghostblade, which affects Apple iOS devices. It is part of the browser-based malicious toolkit DarkSword, used to steal private keys and other sensitive information.

Google Threat Intelligence states that Ghostblade is written in JavaScript and is designed for rapid data theft. It activates after the device is compromised, captures sensitive data, and transmits it back to malicious servers.

Researchers mention that this malware does not run continuously on infected devices, requires no additional plugins, and stops working after data extraction. It also contains code to delete device crash reports to prevent Apple from receiving and flagging the malware. Ghostblade can access and forward messages from iMessage, Telegram, and WhatsApp, as well as steal SIM card information, personal data, multimedia, and location data, and access system settings.

Blockchain intelligence platform Nominis reports that in February, losses from crypto hacking attacks dropped to $49 million, a significant decrease from $385 million in January. The platform notes that this change reflects a shift in threats from code-based attacks to social engineering vectors such as crypto phishing and wallet poisoning, which exploit human error. Phishing often involves highly realistic fake websites and similar URLs to lure users into installing malware that can steal private keys and other data. (Cointelegraph)