A New Crypto Predator Emerges: Google Exposes ‘Ghostblade’

bitcoinistPubblicato 2026-03-21Pubblicato ultima volta 2026-03-21

Introduzione

A new iOS malware called "Ghostblade," part of the DarkSword tool suite, has been exposed by Google Threat Intelligence. Designed to steal sensitive data from Apple devices, it targets cryptocurrency private keys, messages from iMessage, WhatsApp, and Telegram, as well as SIM details, location data, and media files. Ghostblade operates once, extracts information, and then deletes crash logs to avoid detection, leaving no persistent trace. This makes it particularly effective and hard to identify. The emergence of Ghostblade reflects a broader shift in cyberattacks toward individual crypto users rather than institutions. Although overall crypto hack losses dropped to around $50 million in February—down from $385 million the previous month—this decline is due to attackers shifting from code exploits to social engineering, phishing, and wallet poisoning schemes. The report underscores that high-value individual holders are increasingly targeted through deceptive websites and malware designed to operate quickly and discreetly.

Private crypto holders took the heaviest losses from hacking, phishing, and digital theft attempts in February 2026, according to blockchain intelligence firm Nominis — and a newly identified strain of iOS malware may explain part of why individual users have become the preferred target.

Designed To Strike Fast And Disappear

Google Threat Intelligence has identified a JavaScript-based malicious tool called Ghostblade, built specifically to hit Apple iOS devices, extract sensitive data, and go quiet before anyone notices.

The software is one of six tools bundled inside a broader package researchers are calling DarkSword. Together, the tools are engineered to steal cryptocurrency private keys, messaging data, and personal information from infected devices.

Ghostblade runs once, takes what it needs, and stops. No persistent background activity. No extra software required to make it work. That design makes it far harder to catch than malware that keeps running after an infection.

Source: Google

The tool also covers its tracks in a specific way. After it finishes, it wipes crash logs from the compromised device. Those logs are what Apple normally collects to identify software problems and flag suspicious activity. Without them, Apple receives no signal that anything went wrong.

What Ghostblade Can Actually Access

The scope of what Ghostblade can pull from a device is wide. Based on Google’s report, the malware is capable of reaching messages from iMessage, WhatsApp, and Telegram.

It can also collect SIM card details, location data, multimedia files, and system-level settings. For crypto users, the most direct threat is private key exposure — the kind of access that gives an attacker full control over a digital wallet with no way to reverse transactions once funds are moved.

Bitcoin is currently trading at $70,572. Chart: TradingView

The DarkSword suite represents a new chapter in browser-based attacks aimed at the crypto space, with Ghostblade serving as one of its most technically refined components.

Hackers Shift Focus From Code To People

Total losses from crypto-related hacks dropped sharply in February, falling to close to $50 million from $385 million the month before, Nominis data shows. But that decline does not signal a safer environment.

Reports indicate the drop reflects a change in method, not ambition. Attackers moved away from exploiting code vulnerabilities and toward phishing schemes, wallet poisoning, and other approaches that rely on tricking users rather than breaking systems.

Fake websites built to mirror legitimate platforms are a common vehicle. Users who land on them and interact with any element can have credentials and keys lifted without realizing it.

The Ghostblade alert from Google arrives against that backdrop — a reminder that high-value individual users, not just exchanges or protocols, are firmly in the crosshairs.

Featured image from Unsplash, chart from TradingView

Domande pertinenti

QWhat is the name of the newly identified iOS malware described in the article, and what is its primary function?

AThe malware is called Ghostblade. Its primary function is to extract sensitive data, such as cryptocurrency private keys, messaging data, and personal information, from infected Apple iOS devices and then go quiet to avoid detection.

QAccording to the article, what broader package is Ghostblade a part of, and what is the collective goal of its tools?

AGhostblade is one of six tools bundled inside a broader package called DarkSword. The collective goal of these tools is to steal cryptocurrency private keys, messaging data, and personal information from infected devices.

QHow does the Ghostblade malware avoid detection after it completes its task on a compromised device?

AGhostblade avoids detection by running only once, taking the data it needs, and then stopping with no persistent background activity. It also covers its tracks by wiping crash logs from the device, which prevents Apple from receiving signals that would normally flag suspicious activity.

QWhat specific types of data can the Ghostblade malware access on an infected device?

AGhostblade can access messages from iMessage, WhatsApp, and Telegram. It can also collect SIM card details, location data, multimedia files, system-level settings, and most critically for crypto users, private keys that control digital wallets.

QWhat trend in cyber attacks does the article highlight, as shown by the change in total crypto losses from January to February 2026?

AThe article highlights a trend where attackers are shifting their focus from exploiting code vulnerabilities to using methods that trick users, such as phishing schemes and wallet poisoning. This is evidenced by a sharp drop in total losses from $385 million in January to about $50 million in February, which reflects this change in method rather than a decrease in attacker ambition.

Letture associate

Trend in US Stocks: Jensen Huang's One Sentence Triggers $47 Billion Surge; Google Raises Funds for First Time in 20 Years

U.S. markets reached record highs on June 2nd, but the real story was the intensifying AI arms race, now pivoting from chip supremacy to a scramble for capital to fund compute infrastructure. The day highlighted two stark realities: Nvidia CEO Jensen Huang's endorsement of Marvell Technology as the "next trillion-dollar company" at Computex fueled a historic 32.5% surge, adding $47 billion to its value. Conversely, Alphabet announced its first equity raise in two decades—an $80 billion plan—signaling that even its massive cash flow can't keep pace with soaring AI capital expenditures, forecast to exceed $180 billion in 2026. While the S&P 500 closed above 7,600 for the first time, led by tech and semiconductor stocks (SOXX +5.79%), sector performance was mixed. Alphabet's 4% drop dragged down communications services, illustrating market anxiety over the unsustainable cost of the AI buildout. Hewlett Packard Enterprise soared 25% on stellar earnings, proving AI's benefits extend beyond chip designers to infrastructure providers. Beneath the index highs, concerns linger over extreme concentration in a few AI stocks and geopolitical tensions. The focus now shifts to upcoming economic data, particularly Friday's nonfarm payrolls, which could challenge the market's current "ignore rates, chase AI" mentality.

marsbit19 min fa

Trend in US Stocks: Jensen Huang's One Sentence Triggers $47 Billion Surge; Google Raises Funds for First Time in 20 Years

marsbit19 min fa

Variant: Bitcoin, Ethereum, and ZCash Highly Likely to Become Major Stores of Value

At Variant, our investment philosophy centers on enabling individuals to own their money, identity, and data. We believe all tokens fall into two categories: stores of value (SOV) or equity-like instruments. The SOV framework is particularly useful for evaluating Layer 1 (L1) blockchains, which are major monetary coordination protocols. A good store of value should possess: 1) Technical durability, 2) Scarcity, 3) Censorship resistance, 4) Economic productivity, 5) Strong memetics, and 6) Liquidity. The total addressable market for SOV assets is massive, with gold alone valued at $31 trillion. Three L1 assets stand out as prime candidates for becoming major stores of value: Bitcoin (BTC), Ethereum (ETH), and ZCash (ZEC). Bitcoin excels in memetic dominance as "digital gold." Ethereum demonstrates superior technical durability and adaptability through its upgradeable roadmap. ZCash offers exceptional censorship resistance and privacy via its shielded transactions. While digital SOVs outperform traditional ones like gold on many metrics, they still represent a small fraction of the overall SOV market, presenting a significant growth opportunity.

marsbit1 h fa

Variant: Bitcoin, Ethereum, and ZCash Highly Likely to Become Major Stores of Value

marsbit1 h fa

Can DeepSeek Save China One Trillion Dollars?

"DeepSeek and the $1 Trillion Infrastructure Question" The article examines whether DeepSeek's AI optimization breakthroughs could potentially save China $1 trillion in future AI infrastructure costs. The analysis begins with Nvidia's upcoming Vera Rubin AI platform, costing ~$7.8 million, where memory (HBM4/LPDDR5X) constitutes $2 million—a 435% cost increase in one year, highlighting how AI hardware spending is shifting toward expensive memory components. DeepSeek's approach works in the opposite direction. Through three key technical innovations showcased in DeepSeek V4, the company dramatically improves hardware efficiency: 1. **Memory Compression (MLA)**: Re-engineers the attention mechanism to compress long-context memory (KV Cache) by over 90%, drastically reducing expensive HBM usage. 2. **Selective Activation (MoE)**: Employs Mixture-of-Experts architecture where only a small fraction of parameters (e.g., 49B out of 1.6T in V4-Pro) are activated per token, allowing most parameters to reside in cheaper memory/SSD. 3. **Computation Caching**: Reuses previously computed results via cache hits, replacing expensive GPU computations with cheap memory reads. Combined, these optimizations allow the same hardware to produce approximately 4x more tokens, effectively reducing required hardware investment by 75%. DeepSeek's pricing reflects this: a 10-billion token workload costs ~$522 monthly versus ~$9,000-$10,000 for competitors. The $1 trillion savings projection stems from McKinsey's estimate that global AI infrastructure will require ~$5.2 trillion investment by 2030. As China's daily token consumption grows toward quadrillions, even marginal efficiency gains scale massively. With a conservative 4x throughput improvement, China could avoid building tens of thousands of AI data centers equivalent to ~7 trillion RMB ($1 trillion) in saved investment. Critically, this strategy shifts dependency from scarce, expensive GPU/HBM—where China lags—toward more accessible storage, caching, and systems engineering where domestic suppliers like CXMT are gaining strength. Rather than "replacing Nvidia," DeepSeek rebalances AI's value chain away from monolithic hardware dependency. Ultimately, DeepSeek's technical breakthroughs could lower the barrier to AI adoption across Chinese industries by making advanced capabilities affordable at scale—transforming who can access next-generation AI.

marsbit1 h fa

Can DeepSeek Save China One Trillion Dollars?

marsbit1 h fa

Overturning the Mainstream Approach to Hallucinations: Metacognition is the New Solution for Large Models to Break the Hallucination Barrier

This paper, "Hallucinations Undermine Trust; Metacognition is a Way Forward," proposes a paradigm shift in combating AI hallucination. It argues that the current mainstream approaches—striving for omniscience by scaling data/models or having AI abstain from uncertain answers—are fundamentally flawed. The former has inevitable knowledge gaps, while the latter imposes a crippling "utility tax," requiring the rejection of many correct answers to achieve high accuracy, due to models' poor "discrimination" (the ability to distinguish correct from incorrect answers internally). The core contribution is redefining hallucination not as "being wrong," but as "expressing false information with unwarranted certainty." The proposed solution is **Faithful Uncertainty** or **Metacognition**: enabling AI to accurately perceive its internal uncertainty and honestly express it in its language (e.g., using hedging phrases when unsure). This creates a more reliable assistant that provides useful information while signaling its confidence, minimizing harm from errors. The paper emphasizes that metacognition is critical for the era of AI Agents. Without it, Agents cannot intelligently decide when to use tools like search engines, leading to inefficiency and misuse. Key implementation challenges are highlighted: the "bootstrapping paradox" of training with static uncertainty data, the "alignment distortion signal" where human preference training suppresses internal uncertainty cues, and the difficulty of causally evaluating true metacognition vs. its superficial imitation. The paper concludes that the goal should not be an infallible AI, but one that is honest about the limits of its knowledge, thereby building user trust through transparent communication of its certainty.

marsbit1 h fa

Overturning the Mainstream Approach to Hallucinations: Metacognition is the New Solution for Large Models to Break the Hallucination Barrier

marsbit1 h fa

Hedge by Buying Gold and Oil, Chase Soaring Returns with AI. ‘Dated’ Bitcoin Enters a Bear Market

Bitcoin has recently declined, hitting a two-month low near $66,123, while Ethereum fell to a three-month low around $1,837. Analysts suggest the drop is not merely due to factors like ETF outflows or MicroStrategy's selling but reflects a deeper issue: Bitcoin is losing a broader asset competition. In a near-zero interest rate environment, Bitcoin previously thrived as an outlet for investor dissatisfaction with inflation and limited options. However, the market landscape has shifted. Bitcoin now occupies an "awkward middle ground," facing competition on three fronts. For inflation hedging, investors prefer gold, energy stocks, and commodity producers—assets with tangible backing and clearer pricing power. For growth exposure, AI-related companies with actual revenues and profits are more attractive. Even within crypto, investors can choose stablecoins, exchanges, or infrastructure firms tied directly to adoption, offering clearer business models and leverage. Thus, Bitcoin is no longer the top choice for hedging, growth, or crypto exposure. This shift is evident in market reactions: despite recent warnings about persistent inflation from a Fed official, Bitcoin did not rally as it might have in the past. Instead, capital flowed to assets with direct commodity or energy exposure. The recent ETF outflows and MicroStrategy sales are symptoms, not causes, of this new reality. Investors are becoming more selective, demanding clearer value propositions beyond mere scarcity. The emerging bear case for Bitcoin is not about it being a bubble or failed technology, but that scarcity alone is no longer sufficient.

华尔街日报1 h fa

Hedge by Buying Gold and Oil, Chase Soaring Returns with AI. ‘Dated’ Bitcoin Enters a Bear Market

华尔街日报1 h fa

Trading

Spot

Futures