If you’re holding an iPhone right now, you might want to stop what you’re doing and check your settings menu. I’ve been tracking a recent report from the Google Threat Intelligence Group, and it’s a bit of a wake-up call. Their researchers have uncovered a nasty “exploit kit” nicknamed Coruna that has been circulating among hackers, and it’s specifically designed to crack open iPhones running anything from iOS 13 up to iOS 17.2.1. What makes this particularly unsettling is how this toolkit has traveled; it’s been used by everyone from high-level state spies in Russia to financially motivated scammers in China. It’s a classic example of how dangerous tech doesn’t stay in one place for long—it gets sold, reused, and eventually ends up targeting everyday users.
How the Attack Actually Works
The way these hackers get in is surprisingly low-tech, which is why it’s so effective. You don’t have to download a weird file; usually, all it takes is visiting a compromised website. Once you’re there, a hidden script quietly checks your device and software version. If it sees you’re running an older version of iOS, it launches one of 23 different exploits to slide past your security. I noticed that one of the main vulnerabilities they’re using was actually a “zero-day,” meaning it was a total secret until Apple patched it in iOS 17.3. To be honest, the level of coordination here is impressive in a scary way—once they’re in, they deploy a program called PlasmaLoader that starts hunting through your phone for anything valuable.
Why Your Financial Apps Are at Risk
Here’s the thing that really concerns me: this isn’t just about reading your texts. The researchers found that the malware specifically targets your money. It’s programmed to scan your notes, photos, and files for “red flag” keywords like “backup phrase” or “bank account.” If you use crypto wallets like MetaMask, Coinbase, or Phantom, you’re at the top of their hit list. The malware is designed to gut those apps and send your private keys straight back to the attackers’ servers. It’s a aggressive reminder that our phones aren’t just communication tools anymore—they’re digital vaults, and right now, the Coruna kit is a very effective crowbar.
The good news? Google confirmed that this toolkit is totally useless against the latest version of iOS. If you’re up to date, the “door” is effectively locked. If for some reason you can’t update your phone immediately, I’d highly recommend turning on Lockdown Mode in your privacy settings. It’s a bit extreme for daily use, but it’s the best way to shrink your digital footprint until you can get that patch installed.
