A New Crypto Predator Emerges: Google Exposes ‘Ghostblade’

bitcoinistPublicado a 2026-03-21Actualizado a 2026-03-21

Resumen

A new iOS malware called "Ghostblade," part of the DarkSword tool suite, has been exposed by Google Threat Intelligence. Designed to steal sensitive data from Apple devices, it targets cryptocurrency private keys, messages from iMessage, WhatsApp, and Telegram, as well as SIM details, location data, and media files. Ghostblade operates once, extracts information, and then deletes crash logs to avoid detection, leaving no persistent trace. This makes it particularly effective and hard to identify. The emergence of Ghostblade reflects a broader shift in cyberattacks toward individual crypto users rather than institutions. Although overall crypto hack losses dropped to around $50 million in February—down from $385 million the previous month—this decline is due to attackers shifting from code exploits to social engineering, phishing, and wallet poisoning schemes. The report underscores that high-value individual holders are increasingly targeted through deceptive websites and malware designed to operate quickly and discreetly.

Private crypto holders took the heaviest losses from hacking, phishing, and digital theft attempts in February 2026, according to blockchain intelligence firm Nominis — and a newly identified strain of iOS malware may explain part of why individual users have become the preferred target.

Designed To Strike Fast And Disappear

Google Threat Intelligence has identified a JavaScript-based malicious tool called Ghostblade, built specifically to hit Apple iOS devices, extract sensitive data, and go quiet before anyone notices.

The software is one of six tools bundled inside a broader package researchers are calling DarkSword. Together, the tools are engineered to steal cryptocurrency private keys, messaging data, and personal information from infected devices.

Ghostblade runs once, takes what it needs, and stops. No persistent background activity. No extra software required to make it work. That design makes it far harder to catch than malware that keeps running after an infection.

Source: Google

The tool also covers its tracks in a specific way. After it finishes, it wipes crash logs from the compromised device. Those logs are what Apple normally collects to identify software problems and flag suspicious activity. Without them, Apple receives no signal that anything went wrong.

What Ghostblade Can Actually Access

The scope of what Ghostblade can pull from a device is wide. Based on Google’s report, the malware is capable of reaching messages from iMessage, WhatsApp, and Telegram.

It can also collect SIM card details, location data, multimedia files, and system-level settings. For crypto users, the most direct threat is private key exposure — the kind of access that gives an attacker full control over a digital wallet with no way to reverse transactions once funds are moved.

Bitcoin is currently trading at $70,572. Chart: TradingView

The DarkSword suite represents a new chapter in browser-based attacks aimed at the crypto space, with Ghostblade serving as one of its most technically refined components.

Hackers Shift Focus From Code To People

Total losses from crypto-related hacks dropped sharply in February, falling to close to $50 million from $385 million the month before, Nominis data shows. But that decline does not signal a safer environment.

Reports indicate the drop reflects a change in method, not ambition. Attackers moved away from exploiting code vulnerabilities and toward phishing schemes, wallet poisoning, and other approaches that rely on tricking users rather than breaking systems.

Fake websites built to mirror legitimate platforms are a common vehicle. Users who land on them and interact with any element can have credentials and keys lifted without realizing it.

The Ghostblade alert from Google arrives against that backdrop — a reminder that high-value individual users, not just exchanges or protocols, are firmly in the crosshairs.

Featured image from Unsplash, chart from TradingView

Preguntas relacionadas

QWhat is the name of the newly identified iOS malware described in the article, and what is its primary function?

AThe malware is called Ghostblade. Its primary function is to extract sensitive data, such as cryptocurrency private keys, messaging data, and personal information, from infected Apple iOS devices and then go quiet to avoid detection.

QAccording to the article, what broader package is Ghostblade a part of, and what is the collective goal of its tools?

AGhostblade is one of six tools bundled inside a broader package called DarkSword. The collective goal of these tools is to steal cryptocurrency private keys, messaging data, and personal information from infected devices.

QHow does the Ghostblade malware avoid detection after it completes its task on a compromised device?

AGhostblade avoids detection by running only once, taking the data it needs, and then stopping with no persistent background activity. It also covers its tracks by wiping crash logs from the device, which prevents Apple from receiving signals that would normally flag suspicious activity.

QWhat specific types of data can the Ghostblade malware access on an infected device?

AGhostblade can access messages from iMessage, WhatsApp, and Telegram. It can also collect SIM card details, location data, multimedia files, system-level settings, and most critically for crypto users, private keys that control digital wallets.

QWhat trend in cyber attacks does the article highlight, as shown by the change in total crypto losses from January to February 2026?

AThe article highlights a trend where attackers are shifting their focus from exploiting code vulnerabilities to using methods that trick users, such as phishing schemes and wallet poisoning. This is evidenced by a sharp drop in total losses from $385 million in January to about $50 million in February, which reflects this change in method rather than a decrease in attacker ambition.

Lecturas Relacionadas

GSR Launches Multi-Asset Crypto ETF With Staking Yields

GSR, an institutional crypto trading platform, has launched its first crypto exchange-traded fund, the Crypto Core3 ETF (BESO), which began trading on Nasdaq. The fund provides exposure to Bitcoin, Ethereum, and Solana and offers staking yields, along with a dynamic allocation strategy to maximize returns. On its first trading day, BESO saw approximately $4.8 million in activity. The ETF charges a 1% management fee and will rebalance its allocations weekly based on research-driven signals. GSR, founded by ex-Goldman Sachs traders, aims to reach more investors through this entry into the crypto ETF market, which has seen growing interest from major financial firms like Morgan Stanley and Goldman Sachs.

TheNewsCryptoHace 32 min(s)

GSR Launches Multi-Asset Crypto ETF With Staking Yields

TheNewsCryptoHace 32 min(s)

Yao Shunyu's 88 Days

Yao Shunyu, a 27-year-old AI expert with a background from Princeton and OpenAI, joined Tencent in September 2025. Within 88 days, he led a major overhaul of Tencent’s AI strategy and organization, resulting in the release of Hunyuan Hy3 preview—a MoE model with 295B total parameters and 21B active parameters, supporting up to 256K context length. The launch came after Tencent leadership, including CEO Ma Huateng and President Martin Lau, openly criticized Hunyuan's earlier underperformance—citing slow development, over-reliance on superficial benchmark optimization, and poor generalization in real-world applications. Internal adoption was low, with key business units like WeChat and gaming seeking external AI solutions. Yao reshaped Tencent’s AI approach by integrating previously siloed teams, dissolving the ten-year-old Tencent AI Lab, and establishing new units focused on AI infrastructure and data. Hy3 preview was developed using co-design principles, closely aligned with product teams to ensure practical usability from the start. It has already been integrated into core products like Yuanbao, QQ, and enterprise tools. The release signals a shift from chasing rankings to building usable, scalable AI grounded in Tencent’s ecosystem. While external partnerships (like with DeepSeek and OpenClaw) helped retain users temporarily, the focus is now on making Hunyuan a reliable internal foundation. The real test lies in sustaining this new organizational momentum amid fierce competition from Alibaba, DeepSeek, and others.

marsbitHace 56 min(s)

marsbitHace 56 min(s)

a16z: How Blockchain Fills the Gaps in AI Agent Identity, Payments, and Trust?

AI Agents are rapidly evolving from tools into autonomous economic participants, but they lack standardized ways to prove identity, authorization, and payment across environments. Blockchain infrastructure addresses these gaps by providing portable identities via wallets, programmable payments through stablecoins, and auditable transaction records on public ledgers. Key challenges include the absence of a universal identity layer (like "KYA" – Know Your Agent) for non-human entities, governance risks when AI systems control critical resources, and the need for trustless payment systems for agent-to-agent commerce. Emerging solutions include on-chain agent registries, encrypted credentials, and crypto-native toolkits that enable delegated authority and verifiable execution. Stablecoins and embedded payment protocols (e.g., x402) are enabling a new class of "headless merchants" where agents transact without human intervention. Trust shifts from manual oversight to cryptographic verification, as scalability demands automated accountability. Ultimately, blockchain allows agents to operate as permissionless economic actors while preserving user control through programmable constraints and transparent governance.

marsbitHace 1 hora(s)

a16z: How Blockchain Fills the Gaps in AI Agent Identity, Payments, and Trust?

marsbitHace 1 hora(s)

Exploring Physical World AGI with "Visual Reasoning", ElorianAI Raises $55 Million

ElorianAI, co-founded by ex-Google AI expert Andrew Dai and former AI specialist Yinfei Yang, has raised $55 million in early funding to develop next-generation AI systems with advanced visual reasoning capabilities. While current large models excel in text-based tasks like programming and math, they perform poorly in visual reasoning—even top models like Gemini only match a 3-year-old’s ability in basic visual benchmarks. The key limitation lies in the architecture of current vision-language models (VLMs), which first convert visual inputs into text before reasoning, losing critical spatial and structural information. ElorianAI aims to build a native multimodal model that processes and reasons directly in visual space, enabling deeper understanding of physical relationships, constraints, and environments. The company plans to release a state-of-the-art visual reasoning model by 2026, with potential applications in robotics, disaster management, engineering, healthcare, and AI hardware. By using high-quality, diverse, and synthetically generated data, ElorianAI intends to create models that don’t just perceive but truly understand and reason about the physical world—bringing us closer to visual AGI.

marsbitHace 1 hora(s)

Exploring Physical World AGI with "Visual Reasoning", ElorianAI Raises $55 Million

marsbitHace 1 hora(s)

This Time, OpenAI Eliminated 90% of Human Designers

OpenAI's latest release, GPT-Image 2, marks a paradigm shift in AI-generated imagery, moving beyond aesthetic quality to logical reasoning and contextual understanding. The model introduces a "thinking mode," where it performs background reasoning—such as mathematical calculations and geographic knowledge—before generating images. This enables highly accurate and context-aware outputs, like a livestream overlay showing precise distance metrics or a brand-aligned poster design. The model excels in rendering Chinese text with remarkable accuracy and aesthetic quality, a significant improvement over previous versions. It supports multi-turn conversational editing via the new Responses API, allowing iterative refinements similar to chatting with a large language model. While GPT-Image 2 demonstrates unprecedented capabilities in commercial applications like marketing material and illustration—potentially displacing many human designers due to its cost efficiency—it still has limitations. Minor artifacts in fine text details persist, and complex prompts can cause extended processing times. Additionally, the technology raises ethical concerns around deepfakes and digital trust. Overall, GPT-Image 2 transitions AI image generation from a novelty to a powerful production-ready tool, redefining industry standards and pushing the boundary of what’s possible in visual AI.

marsbitHace 2 hora(s)

This Time, OpenAI Eliminated 90% of Human Designers

marsbitHace 2 hora(s)

Trading

Spot

Futuros