Malware & Ransomware | HIGH

Coruna iOS Kit - New Mass Attacks Using Triangulation Code

Source: The Hacker News

Tags: Coruna, iOS, Operation Triangulation, PlasmaLoader, CVE-2023-32434

Basically, a new hacking tool is using old tricks to attack many iPhones.

Quick Summary

The Coruna iOS exploit kit is using old Triangulation code for new mass attacks. Millions of iPhone users are at risk as cybercriminals exploit these vulnerabilities. Stay updated and vigilant to protect your devices.

What Happened

The Coruna iOS exploit kit has emerged as a significant threat, utilizing updated code from the 2023 Operation Triangulation campaign. This exploit kit targets Apple iPhones running iOS versions between 13.0 and 17.2.1. Kaspersky's findings reveal that the kernel exploits within Coruna are not just rehashed versions of previous exploits but rather a sophisticated evolution of the original framework. The kit has been linked to mass exploitation campaigns, including attacks on users visiting compromised websites.

Initially, Coruna was thought to be a standalone tool. However, recent investigations have shown that it shares core components with the Triangulation campaign, indicating a common authorship. The exploit kit is now being used indiscriminately, moving from targeted espionage to broader cybercriminal activities. This shift significantly increases the risk for millions of users with unpatched devices.

Who's Being Targeted

The target audience for the Coruna exploit kit includes users of Apple iPhones, particularly those running outdated iOS versions. The kit has been used in watering hole attacks, notably against users in Ukraine and visitors to fake gambling and cryptocurrency websites. This broad targeting strategy suggests that the attackers are not after specific individuals but aim to compromise as many devices as possible.

The involvement of a suspected Russia-aligned nation-state actor raises concerns about the potential for further geopolitical implications. As this exploit kit gains traction, it could empower various cybercriminals to launch similar attacks, increasing the threat landscape significantly.

Signs of Infection

Users should be vigilant for several signs that may indicate an infection from the Coruna exploit kit. These include:

  • Unexpected behavior from apps or the operating system.
  • Unusual data usage or battery drain.
  • Notifications for app installations that were not initiated by the user.

If you notice any of these signs, it is crucial to take immediate action. The exploit kit operates by serving tailored exploits based on the user's browser and operating system, making it difficult to detect until after the infection has occurred.

How to Protect Yourself

To safeguard against the Coruna exploit kit and similar threats, users should take proactive measures:

  • Update your iOS: Always ensure your device is running the latest version of iOS to mitigate vulnerabilities.
  • Avoid suspicious websites: Be cautious when visiting unfamiliar sites, especially those related to gambling or cryptocurrency.
  • Use security software: Employ reputable mobile security solutions that can detect and block potential threats.

As the landscape of mobile malware evolves, staying informed and vigilant is essential. The Coruna exploit kit exemplifies the ongoing risk posed by advanced malware, making it imperative for users to adopt robust security practices.
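For a fleet administrator, the actionable detail in the article is the affected version range (iOS 13.0 through 17.2.1). The following added example, not from the article or from Kaspersky, parses version strings as they typically appear in an MDM inventory export and flags devices that are still inside that range; the inventory rows are constructed sample data.

```python
"""Flag devices whose iOS version falls inside the range the Coruna kit
targets (13.0 to 17.2.1, inclusive), from a constructed inventory export."""
import re

# Bounds as stated in the article; both ends are treated as inclusive.
CORUNA_MIN = "13.0"
CORUNA_MAX = "17.2.1"


def parse_version(text):
    """Turn '17.2.1' or 'iOS 16.5 (build redacted)' into a tuple of ints.
    Missing trailing components count as zero, so 17.2 == 17.2.0."""
    m = re.search(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def is_in_coruna_range(version_text):
    """True when the version is within [CORUNA_MIN, CORUNA_MAX]."""
    v = parse_version(version_text)
    return parse_version(CORUNA_MIN) <= v <= parse_version(CORUNA_MAX)


def triage_inventory(rows):
    """rows: iterable of (device_id, version_string).
    Returns the ids still running a version inside the targeted range."""
    return [dev for dev, ver in rows if is_in_coruna_range(ver)]


# Constructed sample inventory (hypothetical device ids, not real data).
SAMPLE_INVENTORY = [
    ("iphone-001", "iOS 17.2.1 (build redacted)"),  # upper bound, exposed
    ("iphone-002", "17.3"),                          # above range, patched
    ("iphone-003", "12.5.7"),                        # below range
    ("iphone-004", "15.7.8"),                        # inside range, exposed
    ("iphone-005", "13.0"),                          # lower bound, exposed
]

if __name__ == "__main__":
    for dev in triage_inventory(SAMPLE_INVENTORY):
        print("needs update:", dev)
```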

🔒 Pro insight: The reuse of exploit code indicates a trend where sophisticated tools become accessible to a wider range of threat actors, increasing overall risk.

Original article from The Hacker News
