Google Discovers iOS Exploit Chain Targeting Multiple Cryptocurrency Exchange (CEX) and Wallet Applications

BlockBeats News, March 20th, according to Google Threat Intelligence Group monitoring, a iOS vulnerability exploit chain named DarkSword is targeting iPhone devices running iOS versions 14.4 to 14.7. The attackers are using compromised websites to deploy a malicious program named Ghostblade, which is specifically designed to search for and steal data from cryptocurrency CEX exchanges (including Coinbase, Binance, Kraken, Kucoin, OKX, MEXC) and wallet applications (including Ledger, Trezor, MetaMask, Exodus, Uniswap, Phantom, and Gnosis Safe).

In addition, Ghostblade also exfiltrates sensitive information such as SMS messages, iMessages, contacts, Wi-Fi passwords, geolocation, as well as chat histories from Telegram and WhatsApp. This malware is focused on rapid data theft, and it automatically deletes temporary files and terminates its operation after the collection is complete. Currently, related attack activities have been observed in Saudi Arabia, Turkey, Malaysia, and Ukraine.