iPhone Spyware Coruna: How It Steals Crypto & Data

iPhone Spyware Coruna: How It Steals Crypto & Data

iPhone Spyware Coruna: How It Steals Crypto & Data

Security researchers have uncovered a dangerous shift in the use of the iPhone spyware Coruna, once linked to surveillance operations, now weaponized by cybercriminals to steal cryptocurrency and sensitive user data. This exploit framework, which targets vulnerabilities in older iOS versions, highlights the growing risk of government-grade hacking tools leaking into the criminal underground.

How Coruna Works

The exploit framework leverages multiple chains to compromise iPhones, often through malicious websites. By exploiting weaknesses in WebKit—the browser engine used by all iOS browsers—attackers can gain kernel-level access simply by visiting a compromised page. Once inside, malware can steal cryptocurrency wallets, login credentials, and personal files.

  • WebKit Targeting: Exploits vulnerabilities in iOS browsers
  • Privilege Escalation: Gains root access to install malware
  • Stealth Techniques: Bypasses Apple’s security protections

From Surveillance to Criminal Use

Originally detected in 2025 during a surveillance operation, Coruna resurfaced in a Russian intelligence campaign targeting Ukrainian websites. Now, it’s being reused by cybercriminals in attacks on Chinese-language crypto and gambling platforms. Researchers estimate 42,000 devices were infected in one campaign alone.

Key Indicators of Compromise

Malicious code was hidden in visitor-counting widgets and embedded in phishing sites. Once triggered, the framework installs malware that silently exfiltrates data to command-and-control servers.

Protecting Yourself Against Coruna

Apple has patched the vulnerabilities used by Coruna in recent iOS updates. However, users on older versions remain at risk. Follow these steps to stay secure:

  1. Update iOS: Install the latest security patches immediately
  2. Avoid Suspicious Links: Don’t click unknown web links
  3. Use Trusted Browsers: Stick to Apple’s Safari for critical tasks

Why This Matters for Cybersecurity

The Coruna case mirrors the infamous EternalBlue leak, where government tools became weapons for mass cyberattacks. Experts warn that exploit frameworks initially developed for intelligence agencies often end up in criminal hands through brokers or leaks.

What Users Should Know

While Apple’s security is robust, no system is immune. Regular updates and cautious browsing habits are your best defenses against evolving threats like Coruna.

Conclusion

The iPhone spyware Coruna represents a dangerous evolution in cybercrime. By repurposing sophisticated surveillance tools, attackers can now target millions of users. Stay vigilant, keep your device updated, and report suspicious activity to protect your data.

FAQs

1. What is the iPhone spyware Coruna?

Coruna is a hacking framework that exploits iOS vulnerabilities to steal cryptocurrency and personal data.

2. How does Coruna infect devices?

It uses malicious websites to trigger WebKit vulnerabilities in older iOS versions.

3. Can Apple stop Coruna?

Apple has patched known vulnerabilities, but new exploits may emerge. Always update your iOS.

4. Are all iOS users at risk?

Users on outdated iOS versions are most vulnerable. Update your device regularly.

5. What should I do if I suspect an infection?

Reset your device, update iOS, and contact a cybersecurity professional immediately.