Apple iPhone Hacking Kit Used By Spies, Crypto Scams Could Have US Intelligence Origins
Google’s Threat Intelligence Group (GTIG) identified a sophisticated iPhone hacking framework, “Coruna,” capable of infecting devices via malicious websites with no user interaction. Coruna uses five exploit chains and 23 vulnerabilities to target iOS 13 through 17.2.1, employing novel methods to bypass Apple’s security. The kit has been used for espionage and cryptocurrency theft, appearing on compromised websites linked to Russian espionage and Chinese-language financial scams. The malware deploys tailored exploits based on iPhone models and iOS versions, delivered through hidden iframes or scam sites, with code suggesting possible U.S. government origins. Researchers estimate at least 42,000 devices were compromised in one campaign. Apple has since patched the exploited vulnerabilities, rendering Coruna ineffective on the latest iOS versions. Users are strongly urged to update their devices and consider using Lockdown Mode for additional security.
