Google Identifies Ghostblade Malware Targeting iOS Devices with Stealing Capability

Ghostblade, a JavaScript-based malware discovered by Google's Threat Intelligence team, has been identified as a new crypto-stealing threat targeting Apple iOS devices. This malware is part of the DarkSword family, which uses browser-based tools to steal private keys and sensitive data from compromised devices.

The researchers describe Ghostblade as a transient threat that operates briefly on the device, reducing the likelihood of long-term device footholds and complicating detection. The malware can access messaging apps such as iMessage, Telegram, and WhatsApp, intercept conversations, credentials, and potentially sensitive attachments.

Ghostblade's design makes it harder to detect, as it does not require additional plugins and ceases operation once data extraction completes. The researchers note that the malware's ability to wipe crash reporting further obscures activity, complicating post-infection forensics for both victims and defenders.