Malware & Ransomware · HIGH

Coruna Exploit Kit Transforms from Spy Tool to Criminal Campaign

CSO Online · Mar 5, 2026
Coruna · iOS · exploit kit · UNC6353 · UNC6691

Basically, a hacking tool for spying is now being used by criminals to steal money from iPhones.

Quick Summary

A newly discovered exploit kit, Coruna, has shifted from surveillance to mass criminal use. iPhone users are at risk as cybercriminals leverage this tool to steal cryptocurrency. Stay vigilant and protect your devices from potential threats.

What Happened

A new threat has emerged in the cybersecurity landscape, and it’s making waves. The Coruna exploit kit, initially designed for surveillance, has been repurposed by various cybercriminals to target iPhones. Google’s threat intelligence team uncovered this alarming shift, revealing a sophisticated toolkit that has changed hands from a commercial surveillance vendor to suspected Russian and Chinese hackers.

The Coruna kit contains five complete exploit chains, specifically targeting iPhones running iOS versions from 13.0 to 17.2.1. This means it can affect devices released between September 2019 and December 2023. The toolkit’s flexibility allows it to exploit newly identified vulnerabilities, making it a dangerous asset in the hands of malicious actors.

Researchers first detected elements of Coruna in February 2025, when it was being used by a customer of an unnamed surveillance company. By the summer, a suspected Russian espionage group, known as UNC6353, had repurposed it for attacks on compromised Ukrainian websites. By the end of the year, it was being used by UNC6691, a Chinese group, to target a broader audience through fake financial websites.

Why Should You Care

This situation is concerning for anyone using an iPhone. Imagine your phone is like a wallet, and this exploit kit is a thief with a master key. If you visit a compromised site, your personal data, including cryptocurrency wallet credentials, could be stolen without you even knowing. The implications extend beyond just individual users; businesses and organizations could also be at risk, especially if they handle sensitive financial information.

The fact that this exploit kit has evolved from a targeted surveillance tool to a mass criminal campaign highlights a troubling trend in the cybersecurity world. It shows how easily powerful hacking tools can fall into the wrong hands, potentially affecting millions of users. Your security is only as strong as the tools protecting it.

What's Being Done

In response to this growing threat, Google’s Threat Intelligence Group is actively monitoring the situation and collaborating with cybersecurity agencies like Ukraine’s CERT-UA to mitigate the risks. Here are some immediate steps you can take:

  • Keep your iOS updated: Ensure your device is running the latest version of iOS to protect against known vulnerabilities.
  • Be cautious with links: Avoid clicking on suspicious links or visiting untrusted websites, especially those claiming to be financial services.
  • Use security tools: Consider using mobile security applications that can provide an additional layer of protection.

Experts are keeping a close eye on the evolving landscape of exploit kits and the actors behind them. The emergence of Coruna serves as a stark reminder of the vulnerabilities inherent in our digital lives and the need for constant vigilance.


🔒 Pro insight: The rapid evolution of Coruna underscores the need for robust defenses against exploit kits in the mobile ecosystem.

Original article from CSO Online
