Trust Wallet, a popular crypto wallet provider, has raised concerns for Apple users regarding a zero-day exploit circulating on the dark web. Priced at $2 million, this exploit poses a severe threat as it could grant hackers control over iPhones without user interaction. Trust Wallet advises users to disable iMessage based on credible intel to mitigate the risk.
Zero-day Scam Targeted at iOS Users, Trust Wallet CEO Warns
In a recent post on their X account, Trust Wallet warned iPhone and iOS users about a zero-day exploit discovered on the dark web, targeting Apple’s default messenger. This exploit, which has been present since the device’s inception, allows hackers to take control without any user interaction.
Threat intel detected an iOS iMessage zero-day exploit for sale in the Dark Web. It is a zero click exploit to take over control of the phone via iMessages. Its asking price is $2M. This would make sense for very high value individual targets, as more the zero-day is used,… https://t.co/KTKgW6uCuv pic.twitter.com/6ULRgVSxjc
— Eowync.eth (@EowynChen) April 15, 2024
According to a tweet from Trust Wallet CEO, a threat Intel was used to detect the iOS iMessage zero-day exploit for sale on the Dark Web. The crypto wallet provider recommends disabling iMessage from Apple settings until a fix is provided.
However, the source of this information and potential crypto losses remain unspecified. The National Institute of Standards and Technology (NIST) previously investigated the crypto wallet provider for security flaws.
UniSat, another Bitcoin wallet provider, also cautioned users about a fake iOS app. This comes after the crypto community faced the GoFetch vulnerability exploiting CPU cache bugs in Apple’s MacBook chips. According to gofetch.fail, GoFetch is a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs).
