Google warns of Ghostblade iOS crypto‑stealing malware

Google Threat Intelligence has identified a new crypto‑stealing malware called Ghostblade that targets Apple iOS devices. Part of the DarkSword suite of browser‑based tools, Ghostblade is written in JavaScript and designed for rapid data theft: it activates, extracts sensitive information from the compromised device and relays it to malicious servers.

The malware is stealthy by design — it does not run continuously, requires no extra plug‑ins and typically stops functioning after it has exfiltrated data. Ghostblade also contains code to delete crash reports so Apple does not receive them. It can access messaging data from iMessage, Telegram and WhatsApp, and can steal SIM card details, identity information, multimedia, geolocation data and system settings.

Google says DarkSword and its components are among the latest threats targeting iOS.

ghostblade, darksword, ios, apple, javascript, crypto stealing, malware, data exfiltration, imessage, sim card