{"id":12094,"date":"2026-03-07T21:39:04","date_gmt":"2026-03-07T16:09:04","guid":{"rendered":"https:\/\/hardwire.news\/articles\/?p=12094"},"modified":"2026-03-07T21:39:04","modified_gmt":"2026-03-07T16:09:04","slug":"update-your-iphone-now-google-warns-of-coruna-exploit-targeting-older-ios","status":"publish","type":"post","link":"https:\/\/hardwire.news\/articles\/update-your-iphone-now-google-warns-of-coruna-exploit-targeting-older-ios\/","title":{"rendered":"Update Your iPhone Now: Google Warns of ‘Coruna’ Exploit Targeting Older iOS"},"content":{"rendered":"

If you\u2019re holding an iPhone right now, you might want to stop what you’re doing and check your settings menu. I\u2019ve been tracking a recent report from the Google Threat Intelligence Group, and it’s a bit of a wake-up call. Their researchers have uncovered a nasty “exploit kit” nicknamed Coruna that has been circulating among hackers, and it\u2019s specifically designed to crack open iPhones running anything from iOS 13 up to iOS 17.2.1. What makes this particularly unsettling is how this toolkit has traveled; it\u2019s been used by everyone from high-level state spies in Russia to financially motivated scammers in China. It\u2019s a classic example of how dangerous tech doesn’t stay in one place for long\u2014it gets sold, reused, and eventually ends up targeting everyday users.<\/p>\n

How the Attack Actually Works<\/h3>\n

The way these hackers get in is surprisingly low-tech, which is why it\u2019s so effective. You don’t have to download a weird file; usually, all it takes is visiting a compromised website. Once you\u2019re there, a hidden script quietly checks your device and software version. If it sees you\u2019re running an older version of iOS, it launches one of 23 different exploits<\/b> to slide past your security. I noticed that one of the main vulnerabilities they\u2019re using was actually a “zero-day,” meaning it was a total secret until Apple patched it in iOS 17.3<\/b>. To be honest, the level of coordination here is impressive in a scary way\u2014once they’re in, they deploy a program called PlasmaLoader<\/b> that starts hunting through your phone for anything valuable.<\/p>\n

Why Your Financial Apps Are at Risk<\/h3>\n

Here\u2019s the thing that really concerns me: this isn’t just about reading your texts. The researchers found that the malware specifically targets your money. It\u2019s programmed to scan your notes, photos, and files for “red flag” keywords like “backup phrase” or “bank account.” If you use crypto wallets like MetaMask, Coinbase, or Phantom, you’re at the top of their hit list. The malware is designed to gut those apps and send your private keys straight back to the attackers’ servers. It\u2019s a aggressive reminder that our phones aren’t just communication tools anymore\u2014they’re digital vaults, and right now, the Coruna kit is a very effective crowbar.<\/p>\n

The good news? Google confirmed that this toolkit is totally useless against the latest version of iOS<\/b>. If you’re up to date, the “door” is effectively locked. If for some reason you can\u2019t update your phone immediately, I\u2019d highly recommend turning on Lockdown Mode<\/b> in your privacy settings. It\u2019s a bit extreme for daily use, but it\u2019s the best way to shrink your digital footprint until you can get that patch installed.<\/p>\n","protected":false},"excerpt":{"rendered":"

If you\u2019re holding an iPhone right now, you might want to stop what you’re doing and check your settings menu. I\u2019ve been tracking a recent report from the Google Threat Intelligence Group, and it’s a bit of a wake-up call. Their researchers have uncovered a nasty “exploit kit” nicknamed Coruna that has been circulating among<\/p>\n","protected":false},"author":6,"featured_media":12096,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","footnotes":""},"categories":[17,188],"tags":[],"class_list":{"0":"post-12094","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"category-mobiles"},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/hardwire.news\/articles\/wp-json\/wp\/v2\/posts\/12094","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hardwire.news\/articles\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hardwire.news\/articles\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hardwire.news\/articles\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/hardwire.news\/articles\/wp-json\/wp\/v2\/comments?post=12094"}],"version-history":[{"count":1,"href":"https:\/\/hardwire.news\/articles\/wp-json\/wp\/v2\/posts\/12094\/revisions"}],"predecessor-version":[{"id":12097,"href":"https:\/\/hardwire.news\/articles\/wp-json\/wp\/v2\/posts\/12094\/revisions\/12097"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hardwire.news\/articles\/wp-json\/wp\/v2\/media\/12096"}],"wp:attachment":[{"href":"https:\/\/hardwire.news\/articles\/wp-json\/wp\/v2\/media?parent=12094"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hardwire.news\/articles\/wp-json\/wp\/v2\/categories?post=12094"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hardwire.news\/articles\/wp-json\/wp\/v2\/tags?post=12094"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}