18:05 ▪
3
min read ▪ by
Google has revealed a sophisticated exploit kit targeting iPhones. It’s called Coruna and it’s used to steal cryptocurrencies through phishing attacks. Analysis of the main threat to iOS users in 2026.
In short
- Google reveals an iOS suite called Coruna is being used to steal cryptocurrencies through phishing attacks targeting iPhones (versions 13.0 to 17.2.1).
- The Coruna kit exploits iOS vulnerabilities to extract cryptocurrency recovery sentences via malicious websites.
- To protect yourself from Corona, updating your iPhone, enabling Lockdown mode and avoiding suspicious links related to cryptocurrencies are essential.
Google unveils Coruna, a crypto phishing kit targeting iOS users
In February 2025, the Google Threat Intelligence Group (GTIG) discovered Coruna, an exploit kit specifically targeting Apple devices running iOS (versions 13.0 to 17.2.1). This kit actually uses advanced exploit chains to compromise iPhones through malicious websites! Often fake crypto sites.
Once a device is infected, Coruna extracts crypto wallet recovery phrases, passwords, and other sensitive data. GTIG revealed that Coruna was being exploited by malicious actors to target iPhone users through phishing campaigns. These attacks usually occur in several stages:
- The user is prompted to visit a compromised page where a JavaScript script identifies the device and provides the corresponding exploit;
- Victims, often cryptocurrency holders, have their assets stolen within seconds.
The origin of the Coruna remains unclear, but GTIG noted similarities with instruments previously attributed to state groups. The kit has been spotted on fake Chinese crypto sites as well as in attacks targeting Ukrainian users. Google alerted Apple, which has since patched some of the vulnerabilities. However, the threat remains for non-updated devices.
Crypto phishing: how to protect yourself from Corona?
To avoid becoming a victim of Coruna, the first step is to update your iPhone to the latest version of iOS. Apple has released patches for vulnerabilities exploited by this kit. This makes updated devices immune to this threat. Also, enable Lockdown mode, a feature designed to block sophisticated attacks like Coruna.
Additionally, avoid clicking on suspicious links, especially from cryptocurrency-related sites or emails. Always verify the authenticity of URLs and prefer official platforms for your transactions. Finally, use hardware wallets to store your cryptocurrencies (bitcoin, ethereum…). These offer an additional layer of security against online attacks.
Google’s Coruna revelation reminds us that cryptophishing attacks are becoming more sophisticated. Although there are solutions, protecting your assets depends primarily on your vigilance. The question remains: are users ready to adopt best practices to protect against these ever-evolving threats?
Maximize your Cointribune experience with our “Read and Earn” program! Earn points for every article you read and get access to exclusive rewards. Register now and start reaping the benefits.
The world is evolving and adaptation is the best weapon to survive in this wavy universe. Originally a manager of the crypto community, I am interested in anything directly or indirectly related to blockchain and its derivatives. In order to share my experiences and promote a field that I am passionate about, there is nothing better than writing informative and relaxed articles.
DISCLAIMER OF LIABILITY
The views, thoughts and opinions expressed in this article are solely those of the author and should not be taken as investment advice. Before making any investment decision, do your own research.
