Sommaire
- 1 A spy-grade iOS toolkit that’s gone mainstream
- 2 Why Coruna is so hard to defend against
- 3 How it goes after crypto wallets
- 4 What it means for businesses—and anyone with an iPhone
- 5 What researchers and governments are doing about it
- 6 How to protect yourself right now
- 7 Key Takeaways
- 8 Frequently Asked Questions
- 9 Sources
A sophisticated iPhone hacking toolkit known as “Coruna” is raising alarms in the cybersecurity world because it’s built to siphon data from crypto wallet apps—and it may work against a wide swath of iPhones running iOS 13 through iOS 17.2.1.
Security researchers say the threat isn’t a one-off bug or a lone hacker’s trick. Coruna is a modular exploit kit—more like a product than a single attack—designed to quietly break in, grab sensitive information, and ship it back to attacker-controlled servers.
If you haven’t updated your iPhone lately, this is the kind of warning you don’t want to ignore—especially if you use apps like MetaMask, Trust Wallet, or Exodus.
A spy-grade iOS toolkit that’s gone mainstream
Coruna didn’t start as everyday cybercrime. Researchers first spotted it in targeted surveillance-style operations—the kind typically associated with nation-state hacking—before it showed up in broader campaigns, including so-called “watering hole” attacks that booby-trap websites frequented by specific groups of people.
That evolution matters. It’s a familiar pattern in cybersecurity: tools built for espionage don’t stay exclusive for long. Once techniques leak, get resold, or get repackaged, financially motivated criminals move in.
Why Coruna is so hard to defend against
Researchers describe Coruna as a modular system with specialized components aimed at extracting data from particular apps. That design makes it flexible: attackers can swap in new modules, update capabilities, and tailor theft to whatever’s most valuable.
Coruna also appears to lean heavily on weaknesses in WebKit, the browser engine behind Apple’s Safari and many in-app browsers on iOS. That’s a key detail because it means a malicious web page can be more than a nuisance—it can be an entry point.
Some of the exploits tied to Coruna are publicly known, while others haven’t been widely cataloged in standard vulnerability databases. The mix increases the odds it can hit multiple iOS versions and device types.
How it goes after crypto wallets
Crypto wallets are a prime target because they can provide direct access to money. Coruna’s wallet-focused modules are designed to intercept sensitive data from popular apps, including MetaMask, Trust Wallet, and Exodus, according to researchers tracking the toolkit.
One technique described by analysts involves “hooking”—redirecting or intercepting system and app functions so the attacker can capture data as it’s handled. Once collected, the information is exfiltrated to attacker infrastructure, often obscured behind encryption and evasive tactics meant to dodge detection.
Experts following Coruna say its efficiency and stealth put it among the more advanced mobile attack toolkits currently circulating.
What it means for businesses—and anyone with an iPhone
For companies, Coruna is a two-front problem: it can expose sensitive corporate data on employee devices and trigger reputational damage if customer information is compromised. Mobile devices are now work devices, and attackers know it.
Security teams are being pushed toward layered defenses—monitoring for suspicious behavior on devices, blocking known malicious infrastructure, and using device-level telemetry to catch attacks that traditional network tools might miss.
For individuals, the risk is straightforward: if your phone is the key to your financial apps, your email, and your authentication codes, a compromise can cascade fast. Crypto users face an added threat because stolen wallet data can translate into irreversible losses.
What researchers and governments are doing about it
Coruna has sparked urgent analysis across the security community, with researchers working to reverse-engineer its components and develop detection signatures that can flag related infrastructure and behaviors.
Meanwhile, policymakers in multiple countries have been debating tighter rules around the sale and use of exploit kits—commercial hacking tools that can be used for “lawful intercept” in theory, but often end up enabling abuse in practice.
Even with increased scrutiny, researchers warn Coruna may be a preview of what’s next: more modular, more commercialized mobile exploitation that spreads from espionage into everyday financial crime.
How to protect yourself right now
The most effective step is also the simplest: update iOS. Security patches are often the only thing standing between a known exploit chain and your device.
If you’re at higher risk—such as journalists, activists, government employees, or people who manage significant crypto holdings—consider enabling Apple’s Lockdown Mode, which reduces attack surfaces by restricting certain features commonly abused in sophisticated intrusions.
Also: be ruthless about links. Avoid suspicious URLs, don’t install apps outside Apple’s App Store, and treat unexpected messages—especially those pushing you to “verify” an account or “secure” a wallet—as potential phishing attempts.
Coruna is a reminder that iPhones aren’t immune to serious compromise. As more money and identity data live on phones, attackers are following—and getting better at it.
Key Takeaways
- Coruna targets cryptocurrency wallets through iOS exploits.
- Users should update iOS to protect themselves.
- The cybersecurity community is strengthening its defenses against Coruna.
Frequently Asked Questions
What is the Coruna exploit kit?
Coruna is a sophisticated iOS exploit kit that targets cryptocurrency wallets and other sensitive information, affecting iOS versions 13.0 through 17.2.1.
How can you protect yourself against Coruna?
Updating iOS, using Lockdown Mode and private browsing, and avoiding suspicious links are effective measures to protect yourself against Coruna.
Sources
- Coruna: Inside the Nation-State-Grade iOS Exploit Kit We've … – iVerify
- Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit
- Coruna iOS Exploit Kit Highlights the Need for Multi-Layer …
- Coruna: Spy-grade iOS exploit kit powering financial crime
- Coruna iOS Exploit Kit Uses 23 Exploits Across Five …



