A sophisticated exploit kit targeting iPhones has been revealed by Google. Named Coruna, it is used to steal cryptos via phishing attacks. Decrypting a major threat for iOS users in 2026.
In brief
- Google reveals an iOS kit named Coruna used to steal crypto via phishing attacks, targeting iPhones (versions 13.0 to 17.2.1).
- Coruna kit exploits iOS vulnerabilities to extract recovery phrases from crypto wallets via malicious websites.
- To protect yourself from Coruna, it is crucial to update your iPhone, activate lock mode, and avoid suspicious crypto-related links.
Google reveals Coruna, a crypto phishing kit targeting iOS users
In February 2025, the Google Threat Intelligence Group (GTIG) discovered Coruna, an exploit kit specifically targeting Apple devices running iOS (versions 13.0 to 17.2.1). Indeed, this kit uses advanced exploit chains to compromise iPhones via malicious websites! Often fake crypto sites.
Once the device is infected, Coruna extracts crypto wallet recovery phrases, passwords, and other sensitive data. GTIG revealed that Coruna was used by malicious actors to target IPhone users via phishing campaigns. These attacks generally take place in several stages:
- The user is tricked into visiting a compromised site, where a JavaScript script identifies the device and delivers the appropriate exploit;
- The victims, often holders of cryptocurrencies, see their assets stolen within seconds.
The origin of Coruna remains unclear, but GTIG noted similarities with tools previously attributed to state groups. The kit has been spotted on fake Chinese crypto sites, as well as in attacks targeting Ukrainian users. Google alerted Apple, which has since fixed some vulnerabilities. But, the threat persists for non-updated devices.
Crypto phishing: how to protect yourself from Coruna?
To avoid becoming a victim of Coruna, the first step is to update your iPhone to the latest version of iOS. Apple has released patches for the vulnerabilities exploited by this kit. Which makes up-to-date devices immune to this threat. Next, also enable Lockdown Mode, a feature designed to block sophisticated attacks like Coruna.
Additionally, avoid clicking on suspicious links, especially those from crypto-related sites or emails. Always check the authenticity of URLs and favor official platforms for your transactions. Finally, use hardware wallets to store your cryptocurrencies (bitcoin, ethereum, etc.). These provide an additional layer of security against online attacks.
Google's revelation of Coruna is a reminder that crypto phishing attacks are becoming more and more sophisticated. Although solutions exist, protecting your assets depends above all on your vigilance. The question remains: are users ready to adopt best practices to protect themselves against these constantly evolving threats?
Maximize your Tremplin.io experience with our 'Read to Earn' program! For every article you read, earn points and access exclusive rewards. Sign up now and start earning benefits.
