Malware & Ransomware · HIGH

Coruna Exploit Kit Transforms from Spy Tool to Criminal Campaign

CSO Online
Tags: Coruna, iOS, exploit kit, UNC6353, UNC6691

Basically, a hacking tool for spying is now being used by criminals to steal money from iPhones.

Quick Summary

A newly discovered exploit kit, Coruna, has shifted from surveillance to mass criminal use. iPhone users are at risk as cybercriminals leverage this tool to steal cryptocurrency. Stay vigilant and protect your devices from potential threats.

What Happened

A new threat has emerged in the cybersecurity landscape, and it’s making waves. The Coruna exploit kit, initially designed for surveillance, has been repurposed by various cybercriminals to target iPhones. Google’s threat intelligence team uncovered this alarming shift, revealing a sophisticated toolkit that has changed hands from a commercial surveillance vendor to suspected Russian and Chinese hackers.

The Coruna kit contains five complete exploit chains targeting iPhones running iOS versions 13.0 through 17.2.1, a span of iOS releases dating from September 2019 to December 2023. The toolkit's modular design lets operators swap in newly identified vulnerabilities, making it a dangerous asset in the hands of malicious actors.

Researchers first detected elements of Coruna in February 2025, when it was being used by a customer of an unnamed surveillance company. By the summer, a suspected Russian espionage group, known as UNC6353, had repurposed it for attacks on compromised Ukrainian websites. By the end of the year, it was being used by UNC6691, a Chinese group, to target a broader audience through fake financial websites.

Why Should You Care

This situation is concerning for anyone using an iPhone. Imagine your phone is like a wallet, and this exploit kit is a thief with a master key. If you visit a compromised site, your personal data, including cryptocurrency wallet credentials, could be stolen without you even knowing. The implications extend beyond just individual users; businesses and organizations could also be at risk, especially if they handle sensitive financial information.

The fact that this exploit kit has evolved from a targeted surveillance tool to a mass criminal campaign highlights a troubling trend in the cybersecurity world. It shows how easily powerful hacking tools can fall into the wrong hands, potentially affecting millions of users. Your security is only as strong as the tools protecting it.

What's Being Done

In response to this growing threat, Google’s Threat Intelligence Group is actively monitoring the situation and collaborating with cybersecurity agencies like Ukraine’s CERT-UA to mitigate the risks. Here are some immediate steps you can take:

  • Keep your iOS updated: Ensure your device is running the latest version of iOS to protect against known vulnerabilities.
  • Be cautious with links: Avoid clicking on suspicious links or visiting untrusted websites, especially those claiming to be financial services.
  • Use security tools: Consider using mobile security applications that can provide an additional layer of protection.

Experts are keeping a close eye on the evolving landscape of exploit kits and the actors behind them. The emergence of Coruna serves as a stark reminder of the vulnerabilities inherent in our digital lives and the need for constant vigilance.

🔒 Pro insight: The rapid evolution of Coruna underscores the need for robust defenses against exploit kits in the mobile ecosystem.

Original article from

CSO Online

