• Send Us A Tip
  • Calling all Tech Writers
  • Advertise
Sunday, July 12, 2026
  • Login
TechStory
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to
No Result
View All Result
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to
No Result
View All Result
TechStory
No Result
View All Result
Home Business

Powerful iPhone Exploit Toolkit “Coruna” Linked to Global Cyber Campaigns

Sophisticated Tool Can Compromise iPhones Through a Single Website Visit

by Harikrishnan A
March 5, 2026
in Business, Markets, News, Tech, Trending, World
Reading Time: 4 mins read
0
Powerful iPhone Exploit Toolkit “Coruna” Linked to Global Cyber Campaigns
TwitterWhatsappLinkedin

Cybersecurity researchers have uncovered a highly advanced hacking toolkit capable of silently infecting iPhones when users simply visit a malicious website. The toolkit, known as Coruna, has been observed in multiple cyber campaigns targeting victims in different regions, raising concerns about how sophisticated surveillance tools are spreading beyond their original operators.

You might also like

The Impending Chasm OpenAI Face Potential Cash Exhaustion by Mid-2027

Volkswagen ID. Unyx 09 Revealed With Up to 496 HP Ahead of China Launch

Modern EV Batteries Are Lasting Far Longer Than Buyers Once Feared, New Data Shows

Investigators say Coruna is particularly dangerous because it allows attackers to compromise devices with minimal user interaction. In many cases, victims only need to open a web page containing hidden exploit code for the attack to begin. Once triggered, the exploit chain can bypass several layers of iPhone security and install malware without any visible warning.

Security experts believe the toolkit may have moved through several different hands over time. Evidence suggests it may have first been used in targeted surveillance operations before eventually appearing in cybercrime campaigns aimed at stealing cryptocurrency. The shifting use of Coruna highlights a growing problem in cybersecurity: powerful digital espionage tools originally developed for intelligence purposes can eventually leak or be resold, making them accessible to criminal groups.

Researchers Identify a Complex Exploit Framework

A detailed investigation by researchers at Google revealed that Coruna is not a single exploit but a comprehensive toolkit designed specifically to break into iPhones. According to the analysis, the framework contains five separate exploit chains, each capable of bypassing important security protections built into Apple’s mobile devices.

In total, the toolkit exploits 23 vulnerabilities in Apple’s mobile operating system. The ability to combine so many vulnerabilities into a working attack platform is rare and usually requires significant financial resources and technical expertise.

The vulnerabilities exploited by Coruna are primarily linked to Apple’s web browsing engine. This means that the attack can be triggered when users visit a compromised website through the Safari browser.

Security analysts say that assembling a toolkit of this complexity typically requires a team of highly skilled developers and significant funding, suggesting the project may have originally been created by a state-backed group or a contractor working with government agencies.

Evidence of Multiple Campaigns Across Regions

Google’s research indicates that Coruna has been used in several distinct campaigns over the past year.

The earliest traces of the toolkit appeared in early 2025. At that time, researchers detected elements of the exploit being used by what was described as a client of a surveillance company. While the organization behind the operation was not publicly identified, the attack pattern resembled targeted monitoring activities often associated with government-backed intelligence operations.

Several months later, investigators discovered a more complete version of the toolkit embedded in websites based in Ukraine. In this campaign, attackers concealed the exploit code within visitor-tracking scripts commonly used to monitor website traffic.

Security analysts believe the operation was likely carried out by a Russian-linked espionage group seeking to monitor Ukrainian targets. The technique allowed attackers to compromise visitors to affected websites without raising suspicion.

Later discoveries revealed a very different use of the toolkit. Researchers found Coruna deployed on Chinese-language websites focused on cryptocurrency trading and online gambling. In these cases, the attackers used the exploit to infect visitors with malware designed to steal funds from cryptocurrency wallets.

The shift from intelligence gathering to financial theft illustrates how advanced cyber tools can move beyond their original purpose and become instruments for criminal profit.

Possible Connections to Earlier Spyware Operations

Security firm iVerify also analyzed parts of the Coruna toolkit and discovered similarities with a previous hacking campaign known as Operation Triangulation.

That earlier campaign was discovered in 2023 after targeting employees at the Russian cybersecurity company Kaspersky. The operation involved sophisticated iPhone exploits capable of infiltrating devices used by company staff.

Following the discovery of Operation Triangulation, Russian authorities publicly claimed that the attack had been carried out by the National Security Agency, although no official confirmation was provided by the United States.

Researchers studying Coruna noticed technical overlaps between the two toolsets. Some components appear to function in similar ways, leading to speculation that they may have originated from the same development effort or shared code base.

Analysts at iVerify say the structure of Coruna suggests a highly organized development process. The code appears polished and modular, indicating that it may have been designed as part of a larger, coordinated project rather than pieced together from unrelated exploits.

Concerns Over Leaked Cyber Weapons

The emergence of Coruna in criminal activity has sparked concerns about the security of advanced hacking tools.

Experts warn that if the toolkit was originally created for intelligence operations, its appearance in criminal campaigns could signal that it has leaked into the broader cyber underground.

This situation has drawn comparisons to EternalBlue, a powerful hacking tool that was stolen from the U.S. government and later used in global cyberattacks.

The leak of EternalBlue enabled large-scale incidents such as the WannaCry outbreak and the destructive NotPetya attack, both of which caused billions of dollars in damage worldwide.

Cybersecurity experts worry that Coruna could represent a similar situation for mobile devices if the toolkit continues to circulate among threat actors.

Another factor complicating the situation is the global marketplace for zero-day exploits—previously unknown software vulnerabilities that can be used to break into devices before developers release security patches. These vulnerabilities can command extremely high prices, sometimes reaching tens of millions of dollars.

Exploit brokers often buy such vulnerabilities from researchers and sell them to governments, intelligence agencies, or private clients. In some cases, the same exploit may be sold multiple times, increasing the risk that it eventually reaches malicious actors.

Tens of Thousands of Devices May Already Be Infected

Although many of the vulnerabilities used by Coruna have now been patched, researchers believe the toolkit may already have compromised a significant number of devices.

Data analyzed by iVerify indicates that roughly 42,000 iPhones may have been infected during the cryptocurrency-focused campaign alone. This estimate is based on network traffic connected to servers used to control the malware.

The malicious software deployed in those attacks was primarily designed to steal cryptocurrency stored in digital wallets. However, researchers say it also had the capability to collect personal information from infected devices, including photos and potentially email data.

The total number of victims could be higher when earlier espionage operations are taken into account, particularly those involving compromised Ukrainian websites.

Software Updates Provide Protection

Researchers note that the Coruna toolkit primarily targets older versions of Apple’s operating system, specifically versions ranging from iOS 13 to iOS 17.2.1.

Apple has since addressed many of the exploited vulnerabilities in newer updates, including iOS 26. Users who keep their devices updated are therefore far less likely to be affected by the known exploit chains.

The toolkit also appears to avoid attacking devices that have Apple’s Lockdown Mode enabled. This security feature was introduced to protect individuals who may face advanced digital surveillance, such as journalists, activists, and government officials.

Despite these protections, cybersecurity experts emphasize that many users continue to run outdated software, leaving them exposed to attacks that have already been patched.

Tags: Apple securityCoruna exploitcryptocurrency theftCybersecurityGlobal CybercrimeiOS SecurityiPhone HackMobile MalwareOperation TriangulationZero-day vulnerabilities
Tweet55SendShare15
Previous Post

Bridging the Gap: Western Union Unveils New Dollar Stablecoin to Transform Global Money Transfers

Next Post

FirstClub Nears $60 Mn Fundraise as Valuation Crosses $250 Mn Mark

Harikrishnan A

Aspiring writer. Enjoys gaming, fried chicken and iced tea, preferably all together.

Recommended For You

The Impending Chasm OpenAI Face Potential Cash Exhaustion by Mid-2027

by Anochie Esther
July 12, 2026
0
OpenAI could run out of cash by mid-2027

The staggering upward trajectory of the generative artificial intelligence boom has officially run straight into the unyielding law of capital constraints. For the past three years, the tech...

Read more

Volkswagen ID. Unyx 09 Revealed With Up to 496 HP Ahead of China Launch

by Samir Gautam
July 12, 2026
0
Volkswagen ID. Unyx 09 Revealed With Up to 496 HP Ahead of China Launch

Volkswagen is gearing up to expand its electric vehicle portfolio in China with the upcoming ID. Unyx 09, a performance-focused electric sedan that combines striking styling with impressive...

Read more

Modern EV Batteries Are Lasting Far Longer Than Buyers Once Feared, New Data Shows

by Samir Gautam
July 12, 2026
0
Modern EV Batteries Last Longer Than Expected

For years, one of the biggest concerns surrounding electric vehicles has been battery life. Many potential buyers worried that the battery pack would lose its capacity within a...

Read more
Next Post
FirstClub Nears $60 Mn Fundraise as Valuation Crosses $250 Mn Mark

FirstClub Nears $60 Mn Fundraise as Valuation Crosses $250 Mn Mark

Please login to join discussion

Techstory

Tech and Business News from around the world. Follow along for latest in the world of Tech, AI, Crypto, EVs, Business Personalities and more.
reach us at info@techstory.in

Advertise With Us

Reach out at - info@techstory.in

Aviator Game India 2026

BROWSE BY TAG

#Crypto #howto 2024 acquisition AI amazon Apple Artificial Intelligence bitcoin Business China cryptocurrency e-commerce electric vehicles Elon Musk Ethereum facebook funding Gaming Google India Instagram Investment ios iPhone IPO Market Markets Meta Microsoft News OpenAI samsung Social Media SpaceX startup startups tech technology Tesla TikTok trend trending twitter US

© 2025 Techstory.in

No Result
View All Result
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to

© 2025 Techstory.in

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?