Google Researchers Uncover Massive iPhone Hack Targeting MetaMask & Uniswap Users

  • A new exploit kit called Coruna targets iPhones to steal crypto wallet seed phrases.
  • Attackers use fake finance websites to deploy the malware and scan devices for wallet data.
  • Updating to the latest iOS version or enabling Lockdown Mode can prevent the exploit.

A newly discovered iPhone exploit kit is raising alarm among cybersecurity researchers after it was found targeting cryptocurrency users. According to the Google Threat Intelligence Group (GTIG), the toolkit—called Coruna—is designed to compromise Apple devices and search for sensitive financial data, including crypto wallet seed phrases.

Researchers say the attack chain specifically targets iPhones running iOS versions 13.0 through 17.2.1 and uses multiple sophisticated vulnerabilities to gain access to device data. While the exploit does not affect the newest iOS version, experts warn that users running older software remain at risk.

Exploit Kit Uses Multiple iOS Vulnerabilities

The Coruna toolkit contains five complete exploit chains and 23 individual vulnerabilities, some of which had not been publicly disclosed before the investigation. GTIG researchers first detected elements of the exploit in February 2025, when malicious code was found fingerprinting devices to determine whether they were vulnerable.

The attack relies on a JavaScript framework that identifies iPhone models, software versions, and location data before delivering the correct exploit. This selective targeting makes the attack harder to detect and more effective against specific victims.

Security researchers believe the toolkit was initially used by a suspected Russian espionage group targeting Ukrainian users. Later, similar infrastructure appeared across a network of fraudulent financial websites designed to lure crypto investors.

Fake Crypto Websites Used to Steal Wallet Data

The investigation revealed that the exploit kit was embedded in numerous fake finance-related websites, including pages impersonating the crypto exchange WEEX.

When an iPhone user visits one of these sites, the malicious framework deploys the exploit chain and begins searching the device for valuable information. Researchers say the malware scans text messages and other stored data for phrases commonly linked to crypto wallets, such as “backup phrase” or “seed phrase.”

The exploit also attempts to identify installed crypto applications like MetaMask and Uniswap, potentially enabling attackers to extract sensitive wallet data or gain access to digital assets.

Debate Over Possible Government Origins

Some cybersecurity experts believe the exploit kit may have originally been developed by a surveillance vendor before being repurposed by other actors. Researchers at iVerify told media outlets that the tool’s complexity and cost suggest it may have links to government-grade cyber capabilities.

However, other experts dispute that claim. Analysts at Kaspersky say they found no clear evidence that the code matches previously attributed government tools, leaving the exploit’s origins uncertain.

Researchers emphasize that the exploit does not work on the latest iOS versions, making software updates the most effective defense. Users who cannot immediately upgrade are advised to enable Apple’s Lockdown Mode, a security feature designed to reduce the risk of advanced spyware attacks.
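
For teams managing more than one device, the advice above translates into an inventory check. The following is an added example, not code from GTIG or from this article: it triages a device list against the affected range reported above (iOS 13.0 through 17.2.1) and separates devices that already have Lockdown Mode enabled. The CSV layout, column names, status labels and sample rows are constructed assumptions, not a real MDM export format.

```python
import csv
import io

# Affected range as reported in the article: iOS 13.0 through 17.2.1 (inclusive).
AFFECTED_MIN = (13, 0, 0)
AFFECTED_MAX = (17, 2, 1)

# Constructed sample inventory; column names are assumptions, not a real MDM schema.
SAMPLE_INVENTORY = """device,os_version,lockdown_mode
iphone-001,17.2.1,off
iphone-002,17.3,off
iphone-003,16_7_10,on
iphone-004,12.5.7,off
iphone-005,15.8,off
iphone-006,unknown,off
"""

def parse_ios_version(text):
    """Return (major, minor, patch), or None if the string is not a version."""
    # Accept both dotted (17.2.1) and underscore (17_2_1, as in User-Agent strings) forms.
    parts = text.strip().replace("_", ".").split(".")
    if not 1 <= len(parts) <= 3:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))  # pad "15.8" to (15, 8, 0)

def classify(os_version, lockdown_mode):
    """Label one device; the status labels are hypothetical names for this example."""
    version = parse_ios_version(os_version)
    if version is None:
        return "review"  # unparseable version: never silently treat as unaffected
    if not AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "out_of_range"  # outside the range the article reports
    if lockdown_mode.strip().lower() == "on":
        return "affected_lockdown"  # in range, interim mitigation enabled
    return "affected_exposed"  # in range, no mitigation: update first

def triage(csv_text):
    """Map each device name to its status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["device"]: classify(r["os_version"], r["lockdown_mode"]) for r in rows}

if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```

Devices labelled `affected_lockdown` still need the update; Lockdown Mode is the interim measure for users who cannot upgrade immediately.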

The discovery highlights a growing trend of cybercriminals targeting crypto users directly through mobile devices. As digital assets become more mainstream, security experts warn that seed phrases and wallet credentials will remain prime targets for sophisticated hackers.
