Google Threat Intelligence Group Says DarkSword iPhone Exploit Targets Crypto Wallet Apps

According to Google Threat Intelligence, Ghostblade is a JavaScript-based iOS crypto-stealing malware that can extract private keys and broad device data, while a separate report said February crypto hack losses dropped sharply from January.

Fact Check
The claim accurately reflects a real report from Google Threat Intelligence Group (GTIG). Multiple authoritative sources (Google Cloud, The Hacker News, Dark Reading) confirm the existence of the 'DarkSword' exploit chain, its target range (iOS 18.4 to 18.7), the 'GHOSTBLADE' malware payload, and its specific focus on extracting cryptocurrency wallet and exchange data.
Summary

Google Threat Intelligence said Ghostblade is a JavaScript-based iOS malware tied to the DarkSword campaign that targets private keys and other sensitive information on compromised iPhones. In addition to scanning crypto-related apps and services, Ghostblade can access iMessage, Telegram, WhatsApp, SIM data, identity information, multimedia, location, and system settings. Separately, Nominis reported that crypto hack losses in February fell to $49 million from $385 million in January.

Terms & Concepts
  • Private keys: Secret cryptographic credentials that control access to cryptocurrency holdings and authorize transactions.
  • Malware: Malicious software designed to infiltrate devices, steal data, or perform unauthorized actions.
  • MetaMask: A cryptocurrency wallet application used to manage digital assets and interact with blockchain-based services.