Google Threat Intel flags 'Ghostblade' crypto-stealing malware

Ghostblade is one of six malware tools in the "DarkSword" suite of malicious software designed to steal crypto private keys and user data.

Google Threat Intelligence has identified a new form of crypto-stealing malware called “Ghostblade” that affects Apple iOS devices and is part of the “DarkSword” suite of browser-based malware tools designed to steal private keys and other sensitive information.

Ghostblade is written in JavaScript and designed for rapid data theft. The crypto-stealing malware activates, grabs sensitive data from the compromised device, and relays it to malicious servers, according to Google Threat Intelligence.

The Ghostblade malware does not run 24/7 on the compromised device, does not require extra plug-ins to function, and stops functioning after extracting data, making it more difficult to detect, the threat researchers said.

The malware also includes code that deletes crash reports from the compromised device, preventing Apple from receiving them and flagging the malicious software.

Ghostblade can access and relay messaging data from the iMessage texting application for Apple devices, Telegram and WhatsApp.

The malicious software can also steal SIM card information, identity, multimedia and geolocation data, and access system settings, according to the Google cybersecurity report.

DarkSword and its components are one of the latest cybersecurity threats identified by Google Threat researchers, shedding light on the evolving methods used by malicious actors to steal crypto and other valuable data from unsuspecting users.

Related: Google uncovers iOS exploit kit used in crypto phishing attacks

Losses from crypto hacks fell to $49 million in February, a sharp decrease from $385 million in January, according to blockchain intelligence platform Nominis.

This drop reflects a pivot from code-based cyber threats to crypto phishing attempts, wallet poisoning attacks and other threat vectors that take advantage of human error, Nominis said in its report.

Phishing attempts typically use fake websites designed to look legitimate. These fake websites often use URLs that are nearly identical to the legitimate sites they masquerade as, tricking users into visiting them.

These sites embed malware that can steal crypto private keys and other valuable data when a user accesses the site or clicks any of its elements. 

Magazine: WazirX hackers prepped 8 days before attack, swindlers fake fiat for USDT: Asia Express

Source: CoinTelegraph