Google Threat Intelligence has identified a new form of crypto-stealing malware called “Ghostblade” that targets Apple iOS devices and is part of the “DarkSword” suite of browser malware tools designed to steal private keys and other sensitive information.
Ghostblade is written in JavaScript and designed to steal data quickly. According to Google Threat Intelligence, the cryptocurrency-stealing malware activates, captures sensitive data from the compromised device and forwards it to malicious servers.
Threat researchers say the Ghostblade malware does not run 24/7 on a compromised device, does not require additional plug-ins to run, and stops working after data extraction, making it hard to detect.
The malware also contains code that removes crash reports from the affected device, preventing Apple from receiving them and flagging the malware.
Ghostblade can access and forward message data from Apple's iMessage texting app, Telegram and WhatsApp.
According to Google’s cybersecurity report, the malware can also steal SIM card information, identity, media and geolocation data, as well as access system settings.

DarkSword and its components are among the latest cybersecurity threats identified by Google threat researchers, shedding light on the evolving methods used by malicious actors to steal cryptocurrencies and other valuable data from unsuspecting users.
Hacker attacks decline in February as malicious criminals begin to exploit human error
Losses from cryptocurrency hacks fell to $49 million in February, down sharply from $385 million in January, according to intelligence platform Nominis.
This decline reflects a shift from code-based cyber threats to crypto-phishing attempts, wallet poisoning attacks and other threat vectors that exploit human error, Nominis said in its report.

Phishing attempts typically employ imitation websites that are designed to appear legitimate. These imitation sites often employ URLs that are almost identical to the URLs of the legitimate sites they pretend to be in order to trick users into visiting them.
These sites contain malware that can steal private crypto-keys and other valuable data when a user accesses the site or clicks on any element of it.
