In brief
- Google researchers have identified an iOS exploit chain called DarkSword that works against iPhones running iOS versions 18.4 through 18.7.
- The exploit can be used to deliver Ghostblade malware that specifically targets crypto exchange and wallet apps.
- Campaigns using DarkSword have been observed in Saudi Arabia, Turkey, Malaysia, and Ukraine, with some attacks compromising government websites.
Google researchers have identified an iOS exploit chain being used in the wild that can deliver malware specifically targeting cryptocurrency apps on vulnerable iPhones.
The exploit, dubbed DarkSword, leverages six vulnerabilities to deploy malware on devices running iOS versions 18.4 through 18.7, according to the research.
Once a user visits a malicious or compromised website with a vulnerable device, the exploit is used to deploy malware, including a JavaScript-based data stealer called Ghostblade that actively seeks out major crypto exchange apps such as Coinbase, Binance, Kraken, Kucoin, OKX, and MEXC.
Ghostblade also hunts for popular crypto wallet applications including Ledger, Trezor, MetaMask, Exodus, Uniswap, Phantom, and Gnosis Safe, while simultaneously exfiltrating SMS and iMessage messages, call history, contacts, Wi-Fi passwords, Safari cookies and browsing history, location data, health data, photos, saved passwords, and message history from Telegram and WhatsApp.
Multiple actors are deploying the exploit, ranging from commercial spyware vendors to state-backed groups, with campaigns observed in Saudi Arabia using a fake Snapchat lookalike, and in Ukraine through compromised websites including a government site.
Ghostblade is designed for rapid data theft rather than long-term surveillance: it collects all available data, then deletes its temporary files and terminates itself.
This is the latest in a wave of malware targeting crypto users, including the Inferno Drainer malware that stole some $9 million from crypto users over a six-month period last year, and a campaign that saw counterfeit Android smartphones pre-loaded with crypto-stealing malware.

