Apple iOS Malware Targets Crypto Apps on Unpatched iPhones: Google
Google researchers discovered an active iOS exploit chain named DarkSword that targets cryptocurrency apps on iPhones running iOS versions 18.4 to 18.7. The chain uses six vulnerabilities to install malware when a user visits a malicious or compromised website.

Among the malware delivered is Ghostblade, a JavaScript-based data stealer focused on major crypto exchanges (Coinbase, Binance, Kraken, KuCoin, OKX, MEXC) and popular crypto wallets (Ledger, Trezor, MetaMask, Exodus, Uniswap, Phantom, Gnosis Safe). Ghostblade also exfiltrates sensitive user data, including SMS/iMessage content, call history, contacts, Wi-Fi passwords, Safari cookies and history, location and health data, photos, saved passwords, and message history from apps like Telegram and WhatsApp. Ghostblade is optimized for rapid data theft: it deletes its temporary files and terminates itself after execution.

Various actors, including commercial spyware vendors and state-sponsored groups, have been observed using DarkSword in attacks in countries such as Saudi Arabia and Ukraine. The exploit chain is part of a larger trend of malware targeting cryptocurrency users, alongside recent incidents involving Inferno Drainer and malware-laden counterfeit Android devices.

